Category: Tech

Check Your Passwords

While I was away at Southwest Fox, my web server got hit by ransomware. I’d like to say it was a sophisticated attack that got past my due diligence protections, but it wasn’t. It was a simple brute force password guesser and I was using a password on the server I knew was compromised.

Now, I can be dumb, but I’m not so dumb as to knowingly use a bad password on a production server. The problem was that I use Remote Desktop Manager to easily and automatically log me in to my various servers. Since I never typed in the password myself, I wasn’t aware that it was using an old, compromised password. Duh. (So, in a way, this is all Rick Borup’s fault for introducing me to that software. And Rick wasn’t at Southwest Fox this year. Seems suspicious.)

So, don’t do what I did. Go check all the various ways you automatically log in to stuff and make sure you’re not using some old, bad password.

Luckily this server didn’t have any mission-critical apps, my documentation was good, and my backup plan was solid. It was 12 painful, tedious hours, but I managed to get everything back and running on a shiny new AWS server.

With a good, secure password on it.
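One way to run the check described above, as an added example that is not part of the original post: audit an export of saved logins against hashes of passwords already known to be compromised, and flag reuse across entries. The CSV column layout, host names and passwords are constructed for illustration and are an assumption, not Remote Desktop Manager's actual export format.

```python
import csv
import hashlib
import io
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form breach password lists are commonly published in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample: hashes of passwords you already know were exposed.
KNOWN_COMPROMISED = {sha1_hex(p) for p in ("Summer2015!", "P@ssw0rd")}

# Constructed export of saved sessions (hypothetical column layout).
SAMPLE_EXPORT = """name,host,username,password
Web server,web01.example.com,admin,Summer2015!
Build box,build.example.com,deploy,x9$Lq-7vTr2#mKe4
Old FTP,ftp.example.com,admin,Summer2015!
Mail,mail.example.com,postmaster,P@ssw0rd
"""


def audit_saved_credentials(export_text, compromised_hashes):
    """Return (name, host, issues) for every saved login that needs a new password."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Count how many saved entries share each password hash.
    uses = defaultdict(int)
    for row in rows:
        uses[sha1_hex(row["password"])] += 1
    findings = []
    for row in rows:
        digest = sha1_hex(row["password"])
        issues = []
        if digest in compromised_hashes:
            issues.append("known-compromised")
        if uses[digest] > 1:
            issues.append("reused")
        if issues:
            # Report only the entry name and host, never the password itself.
            findings.append((row["name"], row["host"], issues))
    return findings


if __name__ == "__main__":
    for name, host, issues in audit_saved_credentials(SAMPLE_EXPORT, KNOWN_COMPROMISED):
        print(f"{name} ({host}): {', '.join(issues)}")
```

Delete the export file once the audit is done, since it holds the saved passwords in plaintext.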



Mercado API

My travels through Reseller API land continue.

Mercado is a reseller site specializing in Central and South America. We’re using it to sell in Mexico and Brazil. It’s a nice service in that it takes care of the shipping, exchange rate & customs issues that come up with international trade. Specifically, you can upload your products with the price you want to sell it for. Mercado, when it presents your product to a customer, adjusts the price for all of that. You get the dollars you want, they handle the rest.

Documentation for the Mercado API is very weak. First off, there are a couple different APIs floating around, but the one you want is the Cross Border Trade (CBT) API. That’s just one lonely PDF without cool hyperlinks, a discussion forum, a sandbox for testing calls, or any of the niceties some APIs have. Other things you want, like how do I actually ship a product once I get an order, aren’t covered in the documentation at all.

Like Jet, Mercado does come with a test URL where you can test your API. Also like Jet, this API doesn’t really work:

  • While you can publish a product to the test site, you can’t view your product.
  • The live site requires an API call to Publish your product. This doesn’t work in test so you can’t really test out your full process.

Mercado support has been pretty bad. It’s taken weeks at times to get answers to simple questions.

One gotcha, that is not covered in the documentation, is that Mercado limits the number of products you can have at the beginning. We were limited to 1000 products right at the beginning (we have 400,000 in total). Once an order had come through and we fulfilled it, they raised our limit to 80,000 products and we were told “let’s see how that goes”. We’re still waiting to get our full catalog active on Mercado.

Update 11/29/17: Like Jet, Mercado’s portal doesn’t work. There’s a place where you can search for one of your products – but it doesn’t do anything. That leaves you no way to look up a specific item, see if it’s live or what the listing looks like. There’s also a filter there with “Products with Sales” that shows nothing even though we have sales.

Canva for Quick Graphics

As a computer programmer, I’m legally barred from having any artistic ability whatsoever. That was fine back in the days of punch cards, but it’s super inconvenient today because computers today come with screens. Screens that frequently need graphics.

Canva.com has been a huge help for me when I need to create some simple graphics – a banner, a business card, a button image, a Facebook ad, whatever. It’s mostly free (you can pay a couple bucks for graphics and such), easy to use and flexible.

Here’s a quick graphic I did for a business card for my local PTSA. I stole the graphic from the school website (thanks Snagit!) and combined it with some text using Canva:

[Image: canva1]

And a banner I could slap into my Teamviewer client:

[Image: canva2]

A skilled graphic artist would certainly do better, but for all my quick & free needs, Canva has been great.

Google Keep – Not There Yet

I’ve pretty much given over everything to Google at this point with two hold outs remaining: OneNote for notes (thanks to the Eric Selje presentation at Southwest Fox) and gQueues for managing tasks/to-dos.

I keep hoping that Google Keep might be able to replace those two things – giving me a little more integration and giving Google a little more of my soul – but the app is missing a couple key things:

  • No text formatting. I could probably live without bold/italics, but Keep’s inability to – for example – let me copy a table from a web page and paste it in is kind of a killer.
  • Keep can’t order your notes within a label. Sure, Keep will let you rearrange/order your notes on the main page – where I have a couple hundred personal and business notes – Not convenient. OneNote and gQueues (more importantly for GTD) let me order things within a category. This is a deal breaker.
  • gQueues has really smart recurring task settings. The one I use all the time is “repeat this task X days after I complete it” (doing the laundry for example, I need to do that every 7 days or so. I don’t need to do it every Wednesday). Because sometimes I don’t always GTD when I’m supposed to GTD. Keep only has the very dumb “repeat every X days”. I could create a non-recurring task and just continually move it when I’m done, but that’s annoying and doesn’t give you the little dopamine rush of marking it done.
  • OneNote has a great web clipper that lets you grab the whole web page, part of the page, can recognize if it’s a recipe and cleans it up, and then ultimately stores the web page all nice and pretty in a note. Keep can only put the link in a note for you. I suppose that’s better than nothing, but it is frequently worthless when I’m trying to search for a recipe and the recipe name isn’t in the link.

So until Keep gets an upgrade (and I have little hope of that. Google seems to release stuff and then be done with it) I’ll keep using OneNote (which is slow, clunky, and doesn’t integrate with my other Google apps) and gQueues (which I actually really kind of love and don’t mind paying the $25 a year for and does integrate nicely with my Google calendar).


dbSchema

One of the most interesting things I saw at Southwest Fox was Tuvia’s presentation of dbSchema (see his white paper for all the great things about dbSchema). I rushed home, got it installed, and … ran into some issues. It’s still a great tool that I’ll be using, just not quite as great as I hoped. Here are the issues I’ve run into:

Comparing Schemas

In theory: With dbSchema, I’ve got one schema for my development database and then at the client I’ve got a schema for the production database. When I’m ready to go live, I just compare the two schemas and it’ll show me the differences and update my production database.

In reality: dbSchema is reporting a lot of differences that don’t appear to be differences:

[Image: dbSchemaDiff]

This might be because my development server is SQL 2012 while the client is SQL 2005. Maybe if I went ahead and made those changes, the differences would go away. I haven’t been brave enough though to make a couple thousand changes to the production database.

I had hoped this would be automatic; instead I have to hunt through this list to find the actual changes. Still better than having to remember the changes or document them as I develop.

Layouts

dbSchema has a great tool called Layouts that you can use to document your database. It can show what tables are linked to what, what the keys are, add comments, etc. My client in this case is pretty tech savvy and I was excited to do the Layouts in development and then synch them up to the production schema.

Alas, the compare schema function does not synch the layouts. I can’t find a way to export/import a layout from one schema to another.

You could get around this by having just one schema – just replace the production one, but that then erases any work the client did.

HTML Documentation

dbSchema has a cool tool that exports all of your layouts to HTML which is nice. Each layout goes to a separate HTML page. There is not an index page or a way to navigate from one page to another page though. Minor annoyance.