Sharing S3 Buckets and all sub folders

I recently needed to share an S3 bucket and all the sub-folders (objects) within it, but it wasn’t immediately obvious how to do it. After some experimentation I discovered the following solution.

If you want to give someone full read access to all objects within a bucket, you must:

  1. Set up the ACL on the bucket itself to give them list and view permissions.
  2. Set up a bucket policy on the bucket itself to apply to all the objects within that bucket:
{
	"Version": "2008-10-17",
	"Id": "PolicyToAllowFredReadAccess",
	"Statement": [
		{
			"Sid": "Give Fred Read Access to all objects in this bucket",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::123456789012:root"
			},
			"Action": "s3:GetObject*",
			"Resource": "arn:aws:s3:::example-bucket/*"
		}
	]
}

The two relevant parts in here are 1) 123456789012 (the user’s AWS account ID, written on the account page with hyphens as 1234-5678-9012) and 2) example-bucket/ – the bucket name.

You can also grant by canonical user id:

{
	"Version":"2008-10-17",
	"Id":"PolicyToAllowFredReadAccess",
	"Statement":[{
			"Sid":"Give Fred Read Access to all objects in this bucket",
			"Effect":"Allow",
			"Principal":{
				"CanonicalUser":"79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"
			},
			"Action":["s3:GetObject"],
			"Resource":"arn:aws:s3:::example-bucket/*"
		}
	]
}
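
A grant like the ones above can be checked before it is attached to the bucket. The following is an added example, not code from the original post: it reads a policy document and reports a wildcard principal, an account ID that does not have 12 digits, actions that are not read-style, and resources outside the named bucket. The function names and the two sample policies are constructed for illustration.

```python
import json
import re

ACCOUNT_ROOT = re.compile(r"^arn:aws:iam::(\d+):root$")
READ_ACTION = re.compile(r"^s3:(Get|List)[A-Za-z*]*$")  # read-style S3 actions


def as_list(value):
    """Policy fields may hold one string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_read_grant(policy_json, bucket):
    """Return (code, detail) findings for a policy meant to grant read-only access."""
    base = "arn:aws:s3:::" + bucket
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            match = ACCOUNT_ROOT.match(arn)
            if arn == "*":  # anonymous: the statement applies to everyone
                findings.append(("public-principal", arn))
            elif match and len(match.group(1)) != 12:  # account IDs have 12 digits
                findings.append(("bad-account-id", arn))
        for action in as_list(stmt.get("Action", [])):
            if not READ_ACTION.match(action):
                findings.append(("non-read-action", action))
        for res in as_list(stmt.get("Resource", [])):
            if res != base and not res.startswith(base + "/"):
                findings.append(("foreign-resource", res))
    return findings


def make_policy(principals, action, resource):
    """Build a one-statement policy document (constructed sample input)."""
    return json.dumps({"Version": "2008-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principals},
        "Action": action, "Resource": resource}]})


# Constructed samples: the grant described above, and a mistyped, over-broad variant.
GOOD = make_policy("arn:aws:iam::123456789012:root", "s3:GetObject*",
                   "arn:aws:s3:::example-bucket/*")
BAD = make_policy(["*", "arn:aws:iam::12345678901:root"], "s3:*", "arn:aws:s3:::*")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, audit_read_grant(doc, "example-bucket"))
```

Note that a principal of the form arn:aws:iam::ACCOUNT:root trusts the whole account, so the other account's administrators decide which of their users can use the grant.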

Import your own RSA SSH key into Amazon EC2

I read a few weeks ago that Amazon now allow you to import your own RSA keys into EC2, but at the time I couldn’t find anywhere that explained how to do it. However, I have now found out how thanks to an Egyptian blogger.

It doesn’t look like it’s currently possible through the AWS management console, but you can do it through the command line tools. You have to upload your key to each availability zone separately, but thankfully this can be easily achieved with a one liner…

for r in us-east-1 us-west-1 ap-southeast-1 eu-west-1; do ec2-import-keypair --region $r paul-public-key --public-key-file ~/.ssh/id_rsa.pub ; done

Replace ~/.ssh/id_rsa.pub with the path to your public key, and paul-public-key with the name you would like to appear in Amazon for your keys.

NB: You need the EC2 tools set up before you can run this. You will also need to have set up an X.509 certificate pair. There are some useful instructions for this here.

You can read more about the ec2-import-keypair command in the EC2 documentation.

Setting up SnomONE PBX on CentOS 5.5

I’ve been looking at the new SnomONE PBX tonight, and have set up a test installation on a virtual machine. I couldn’t see any instructions in their manual for installing on Linux, so I thought I’d blog about the steps I took as it might help someone else!

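1. Install a CentOS 5.5 x86_64 system.

2. SSH into the system and download the SnomONE CentOS 64-bit installer from Snom:

cd /root/
# Save the download under the file name used in the following steps
wget -O snomone-CentOS5-2011-4.2.0.3950-x64.bin.sh http://downloads.snom.net/snomONE/centos64/snomone-CentOS5-2011-4.2.0.3950-x64.bin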

3. Make the installation script executable:

chmod +x snomone-CentOS5-2011-4.2.0.3950-x64.bin.sh

4. Run the installer script without any arguments to check the integrity of the file:

./snomone-CentOS5-2011-4.2.0.3950-x64.bin.sh

5. Run the installer in install mode:

./snomone-CentOS5-2011-4.2.0.3950-x64.bin.sh install

6. Set up firewall rules:

echo '
# Generated by iptables-save v1.3.5 on Thu Oct 14 23:11:41 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11875:1171187]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# SnomOne Rules
# Web
-A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
# SIP
-A RH-Firewall-1-INPUT -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 5060 -j ACCEPT
# SIP TLS
-A RH-Firewall-1-INPUT -p udp --dport 5061 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 5061 -j ACCEPT
# RTP Media Stream
-A RH-Firewall-1-INPUT -p udp --dport 49152:64512 -j ACCEPT
# SNMP
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
# TFTP
-A RH-Firewall-1-INPUT -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Oct 14 23:11:41 2010' > /root/snom-firewall.txt
iptables-restore < /root/snom-firewall.txt
service iptables save

7. Access the admin interface in your web browser: http://ipaddress-of-centos-box/
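
The rules in step 6 accept every SnomONE port from any source address. The following is an added example, not part of the original post: it parses rules in iptables-save format, lists the ACCEPT rules that have no source restriction, and rewrites the SNMP and TFTP rules so that they only match a management subnet. The excerpt is constructed from the rules above, and the subnet 192.0.2.0/24 and all function names are assumptions.

```python
# Constructed excerpt of the step 6 rules (iptables-save format).
RULES = """\
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Web
-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT
# SIP
-A RH-Firewall-1-INPUT -p udp --dport 5060 -j ACCEPT
# RTP Media Stream
-A RH-Firewall-1-INPUT -p udp --dport 49152:64512 -j ACCEPT
# SNMP
-A RH-Firewall-1-INPUT -p udp --dport 161 -j ACCEPT
# TFTP
-A RH-Firewall-1-INPUT -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

ADMIN_NET = "192.0.2.0/24"  # assumption: placeholder management subnet


def parse_rule(line):
    """Return {option: value} for one '-A' line, or None for any other line."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule, i = {"chain": tokens[1]}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule


def is_open_accept(rule):
    """True for an ACCEPT rule on a destination port with no source match."""
    return (rule is not None and rule.get("-j") == "ACCEPT"
            and "--dport" in rule and "-s" not in rule and "--source" not in rule)


def open_ports(text):
    """List (protocol, port) pairs that are reachable from any source address."""
    rules = [parse_rule(line) for line in text.splitlines()]
    return [(r["-p"], r["--dport"]) for r in rules if is_open_accept(r)]


def restrict(text, ports, cidr):
    """Return the ruleset with '-s cidr' added to the open rules for the given ports."""
    out = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if is_open_accept(rule) and rule["--dport"] in ports:
            prefix = "-A " + rule["chain"]
            line = line.replace(prefix, prefix + " -s " + cidr, 1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("open to any source:", open_ports(RULES))
    print(restrict(RULES, {"161", "69"}, ADMIN_NET))
```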

Learning RouterOS

We’ve recently purchased a RouterBoard 1000 which we will be using as a VPN server in our office. The documentation is a little complicated for RouterOS novices, so I’ve put this post together to collate some useful tips and instructions.

Finding out the MAC address of an interface / How to show a MAC address on RouterOS

 interface ethernet print

Renewing a DHCP lease (getting a new IP from the DHCP server)

First, run

 ip dhcp-client print

to get a list of the interface numbers, then run

 ip dhcp-client renew 0

where 0 is the number of the interface you wish to use.

Adding a VLAN

interface vlan add vlan-id=110 name=manor-core interface=ether2
interface vlan enable manor-core

Summary of Emergency Budget 2010 measures

I’ve seen a lot of different measures from today’s budget quoted in the media, so I thought I’d try to summarise some of the key points in one place for quick reference!

Headline Figures

By 2015/2016….

  • Spending cuts will have reached £99 billion per year.
  • Taxes to rise by £29 billion per year.
  • Total consolidation of £128 billion per year.
  • Government spending to fall to 40% of GDP from 48% in 2010.
  • Tax receipts to rise to 39% of GDP from 37% in 2010.
  • Public sector net debt to be 67.4% of GDP, after peaking at 70.3% in 2013-2014.

Tax changes

  • VAT is rising to 20% from 4th January 2011.
  • Personal income tax allowance for under 65s is rising by £1000 to £7475. Should bring 880,000 low income tax payers out of tax. However, basic rate and higher rate earning limits will be reduced to ensure that higher rate payers do not benefit from the increased personal allowance. The exact figures will be published in September.
  • Employers NI Thresholds will rise by £21 a week (but the NI rate is also rising as per the March budget).
  • Capital gains tax kept at 18% for basic rate tax payers, but rising to 28% for higher rate payers (capital gains added to income to determine if someone is a higher rate payer). The annual exemption will continue to rise in line with inflation, and will remain at £10,100 in 2010/2011.
  • 10% Entrepreneur relief rate allowances raised from £2 million to £5 million of lifetime gains.
  • The main rate of Corporation Tax is to be cut from 28% to 24% by 1% a year over 4 years. The small companies rate will be reduced from 21% to 20%. Starting in April 2011.
  • R&D: The government plans to consult with business to review the taxation of intellectual property, the support R&D tax credits provide for innovation and the proposals of the Dyson Review.
  • No rise in duty on cigarettes, alcohol or fuel (although VAT rise will apply to them). Government is looking into a fuel price stabiliser, and fuel subsidies for rural residents.
  • New businesses setting up outside the South East and London will be exempt from the first £5000 of N.I. payments for the first 10 workers.
  • New levy on banks’ balance sheets (0.03% of total size minus insured retail deposits and capital)

Benefits

  • Child benefit frozen for three years.
  • Tax credits reduced for families earning £40,000+ per year, but increased for low earners – amount per child to raise by £150 per year per child above inflation.
  • Housing benefits capped at £400 per week for 4 bedroom or larger properties, with lower caps for smaller properties (3 beds – £340, 2 beds – £290, 1 bed flat – £250).
  • State pensions to be given triple guarantee – they will rise annually by the greater of earnings, prices or 2.5%.
  • State pension age to rise to 66.

Public Sector

  • 25% cut in spending across all government departments except health and foreign aid. Includes education, defence, local government etc.
  • Public sector workers earning more than £21,000 per year to have pay frozen for 2 years. Workers earning below this will receive a flat rate increase of £250 per year.
  • Public sector pensions to rise only by CPI (which is generally lower than RPI).

Deficit

  • Aiming for cyclically adjusted current budget balance (excludes debt interest, cyclical payments such as extra unemployment benefits because we’re in recession, and also capital spending / investment) by 2015/2016.
  • Aiming for public sector net debt as a percentage of GDP to be falling from 2015-16 onwards.

As an investor who seeks to make long term investments in small businesses, this budget is encouraging.

Typos / Errors

  • Page 15: Table 1.1 2014/2015 total numbers for spending and tax don’t add up (83 + 29 != 113).
  • Page 18: incresase should be increase.

How to tab between all fields in OSX

I like to use the keyboard wherever possible, but by default tabbing to certain fields in OSX is disabled. For example, if you try to access a password protected website in Safari, and it pops up with the name and password box, you can’t tab to the “Remember this password in my keychain” field.

However, it is very easy to fix this:

  • Open up System Preferences > Keyboard
  • At the bottom of this window is a section labelled “Full Keyboard Access”. Click the “all controls” option.

And that’s it! You should now be able to tab cycle between all fields including the remember password field in password prompts.

First impressions of the iPad

My iPad arrived on May 27th, a day before its official release and I’ve been using it pretty intensively since then. Here are some of my initial observations…

The iPad works really well as a web browsing device, since the high res screen makes web pages look beautiful and the low power ARM based processor means the battery life is fantastic. I’ve only had to charge it once so far with 2 days of heavy use. It would seem that, unlike the iPhone, the iPad uses very little, if any, power when in standby mode. It effectively behaves like a computer with an instant on/off button. The lack of flash support is a bit frustrating but definitely not a show stopper and as more sites move to using native HTML 5 video this will become even less of an issue. The on screen keyboard is a little bit fiddly, but when you get used to it you can type at pretty much the same speed as a normal keyboard for short bursts. For serious typing you would probably want to make use of an external keyboard.

iPad specific apps look great – check out Weather Pro HD, Plants versus Zombies HD, XPlane 9, Wolfram Alpha and the F1 Timing App to name a few.

The built in apps (contacts, calendar, maps) also look a lot better than their iPhone counterparts as they have been redesigned to take advantage of the larger screen.

The worst thing about the new iPad is that it’s so addictive that you’ll not want to put it down!

Maximum number of domain aliases with Google Apps Premier

We use Google Apps Premier to host Fubra’s e-mails, and on the whole I love it – I get a massively reduced level of spam into my inbox, and searching out old mails is incredibly fast. However, it does lack some of the flexibility of our old internal postfix based system, and this became apparent today when I decided I wanted to host the inbound e-mail for all our 100+ websites on Google Apps as domain aliases to our primary domain.

It turns out that there is a limit to the number of domain aliases you can have. For our account, the limit seemed to be set at 20 domain aliases. After contacting Google, and asking them to raise it, I was told that the maximum number of domain aliases is tied to the maximum number of nicknames per user, which in our case was set to 30.

The more domain aliases you have, the fewer nicknames you can have, and vice versa. This makes sense as every nickname becomes a valid e-mail address for every domain alias. So if they allowed too many they’d quickly end up with a huge amount of potential e-mail addresses to manage.

The golden rule seems to be:

Max Domain Aliases multiplied by the Max Nicknames Per User must not exceed 600

Therefore, you could have the following ratios:

– 6 domain aliases and 100 nicknames per user
– 10 domain aliases and 60 nicknames per user
– 20 domain aliases and 30 nicknames per user
– 30 domain aliases and 20 nicknames per user
– 60 domain aliases and 10 nicknames per user
– 100 domain aliases and 6 nicknames per user

Looking through our 26 user accounts, I could see that only 2 of them had more than 6 nicknames. Initially, I thought this would rule out an increase to 100 domain aliases – but it appears that groups can be used to achieve pretty much the same effect.

Some testing revealed that [email protected] also received e-mails to [email protected], and so works in a similar way to a nickname.

So my next task is to remove some of the nicknames and replace them with groups. I should then be able to increase the domain alias count and migrate the remaining domains across!

How to set up iChat for Facebook

Tonight it was announced that Facebook chat now supports XMPP (also known as Jabber). This means that it will work with a host of chat clients, including my personal favourite iChat.

To get it working with iChat you simply follow these steps:

  1. Navigate to iChat > Preferences > Accounts
  2. Click the plus icon in the bottom left hand corner, to add a new account
  3. Select Jabber as the Account Type
  4. Enter [email protected] in the Account Name (where username is your facebook username).
  5. Enter your facebook password in the password box.

And that’s it!

Facebook has some instructions on how to set up other popular clients here.

My UK Election Wish List

There will be an election in the UK within the next 6 months, so I thought I would take some time to compile a list of the major issues that will influence my vote.

So here’s my wish list for our next government:

  • All government spending and contracts should be published openly, and available for anyone to download as raw data. The only exception should be staff salaries, which I would consider personal information. Each department should publish their total wage bill, and the number of staff they employ so that the average wage can be seen. Currently, nobody, not even the opposition, may scrutinise government spending on certain large contracts – so no-one knows the true extent of our nation’s commitments. Commercial confidentiality is often cited as an excuse not to release such information – in my opinion, if you are a business who deals with government – you should accept that your contracts will be public knowledge.
  • All Ordnance Survey and Postcode data should be open and free. There should be a central, authoritative address database that anyone can use. I strongly believe that freeing up all this data will encourage a huge amount of innovation and bring economic benefits of several orders of magnitude bigger than the cost to the public purse.
  • Prevent any bank or business from becoming too big to fail. If a business is too big to fail, it’s too big. It’s not fair to privatise the profits, and socialise the losses, therefore these businesses should be broken up.
  • Pay back the national debt. It’s not a good strategy for individuals or governments to consistently spend more than they earn. Nor is it fair that every child in the UK is born with £30,000+ of public debt. Let’s try to boost the economy through sustainable activities rather than borrowing from the next generation, otherwise interest payments on our debt will soon cost us more than the whole education budget.
  • Simplify the tax system. The current system is hideously complex and inefficient. Surely we could save some money by simplifying things. Do tax inspectors really add much value to society? Couldn’t we redeploy most of them as Doctors, or scientists instead? (Or indeed any other job!) Do we need so many loopholes and tax reliefs – a simple lower tax rate would be more efficient. How about a single flat tax for income, capital gains and profits, say 25%. Really rich people don’t pay much tax in the UK currently as they just move to Monaco or other low tax jurisdictions. So, if we got the balance right we could probably collect more tax with a lower tax rate than we do currently.
  • Encourage entrepreneurship. Cut back on the amount of paperwork (red tape) that businesses must complete.
  • Streamline public procurement and encourage small business to bid for contracts. Let’s make it easier for small business to compete to provide products and services to the government.
  • Protect front line services (Doctors, Nurses, Policemen, Firemen), but reduce the size of the state through efficiency savings, removing bureaucracy and getting rid of most quangos.
  • Re-structure the benefits system to encourage work. Most people I know who are on benefits want to work, but they find it hard because they will be worse off if they take a minimum wage job. We need to ensure that it pays to work.
  • Consider a citizen’s income (also known as basic income) instead of benefit payments, and thus increase the incentive to work. I’ve not fully costed this one, and I’m not even sure it would work – but I definitely think it’s an interesting concept that’s worth considering. Here’s how it would work: All citizens would receive a flat monthly payment regardless of whether they are employed or not. Adults would receive more than children. Parents would receive their children’s payments on their behalf. It would be paid without requiring the citizen to work, or requiring them to accept a job if offered one. Do we really need full employment? If some people don’t want to work then that is their choice. However, if they do get a job, they get to keep all their citizen’s income, so there is no disincentive to work for those who want to. Basic social housing would then be rented back to families for a portion of their income. The incentive to work would be for anyone who wants to live in better accommodation than the basic social housing they rent, or if they want to go on holidays or have luxury goods, etc… You would probably need to scrap the basic tax free allowances in order to fund it, however the marginal benefit of working would increase – people wouldn’t risk losing their basic income if they accepted any work. We would not need as many staff at HMRC.
  • Simplify the planning system, and consider building more towns on agricultural land. I think ultimately we will need to build more new towns. People rightly complain when more housing is packed into smaller and smaller spaces in existing towns, leading to over stretched public services and infrastructure. Planning standards should ensure a low environmental impact of new developments, but not mean that we all have to live in shoe box flats. They should provide open and transparent rules that are positively biased (i.e. you can build here as long as… ) rather than the planning lottery that we currently have. If the rules were simple to apply it would encourage much more investment in housing. Most of us aspire to live in a detached house and surely the gardens that come with these are better for bio-diversity than the tarmac car parks of a block of flats, or even the single crop agricultural land that they could be built on. Even if we doubled the amount of urban areas in the UK we’d still only be approaching the level of urbanisation of the Netherlands. There is definitely not a shortage of land in the UK! As a nation we are perfectly capable of building larger, more affordable, higher quality, more sustainable, lower emission houses. We just need to sort out the planning system!

What are your wishes for the next government? Add a comment to this post!