Recherche avancée

Sur d’autres sites (10530)

• Small Time DevOps

  1er janvier 2021, par Multimedia Mike — General

  When you are a certain type of nerd who has been on the internet for long enough, you might run the risk of accumulating a lot of projects and websites. Website-wise, I have this multimedia.cx domain on which I host a bunch of ancient static multimedia documents as well as this PHP/MySQL-based blog. Further, there are 3 other PHP/MySQL-based blogs hosted on subdomains. Also, there is the wiki, another PHP/MySQL web app. A few other custom PHP- and Python-based apps are running around on the server as well.

  While things largely run on auto-pilot, I need to concern myself every now and then with their ongoing upkeep.

  If you ask N different people about the meaning of the term ‘DevOps’, you will surely get N different definitions. However, whenever I have to perform VM maintenance, I like to think I am at least dipping my toes into the DevOps domain. At the very least, the job seems to be concerned with making infrastructure setup and upgrades reliable and repeatable.

  Even if it’s not fully automated, at the very least, I have generated a lot of lists for how to make things work (I’m a big fan of Trello’s Kanban boards for this), so it gets easier every time (ideally, anyway).

  Infrastructure History

  For a solid decade, from 2004 to 2014, everything was hosted on shared, cPanel-based web hosting. In mid-2014, I moved from the shared hosting over to my own VPSs, hosted on DigitalOcean. I must have used Ubuntu 14.04 at the time, as I look down down the list of Ubuntu LTS releases. It was with much trepidation that I undertook this task (knowing that anything that might go wrong with the stack, from the OS up to the apps, would all be firmly my fault), but it turned out not to be that bad. The earliest lesson you learn for such a small-time setup is to have a frontend VPS (web server) and a backend VPS (database server). That way, a surge in HTTP requests has no chance of crashing the database server due to depleted memory.

  At the end of 2016, I decided to refresh the VMs. I brought them up to Ubuntu 16.04 at the time.

  Earlier this year, I decided it would be a good idea to refresh the VMs again since it had been more than 3 years. The VMs were getting long in the tooth. Plus, I had seen an article speculating that Azure, another notable cloud hosting environment, might be getting full. It made me feel like I should grab some resources while I still could (resource-hoarding was in this year).

  I decided to use 18.04 for these refreshed VMs, even though 20.04 was available. I think I was a little nervous about 20.04 because I heard weird things about something called snap packages being the new standard for distributing software for the platform and I wasn’t ready to take that plunge.

  Which brings me to this month’s VM refresh in which I opted to take the 20.04 plunge.

  Oh MediaWiki

  I’ve been the maintainer and caretaker of the MultimediaWiki for 15 years now (wow ! Where does the time go ?). It doesn’t see a lot of updating these days, but I know it still serves as a resource for lots of obscure technical multimedia information. I still get requests for new accounts because someone has uncovered some niche technical data and wants to make sure it gets properly documented.

  MediaWiki is quite an amazing bit of software and it undergoes constant development and improvement. According to the version history, I probably started the MultimediaWiki with the 1.5 series. As of this writing, 1.35 is the latest and therefore greatest lineage.

  This pace of development can make it a bit of a chore to keep up to date. This was particularly true in the old days of the shared hosting when you didn’t have direct shell access and so it’s something you put off for a long time.

  Honestly, to be fair, the upgrade process is pretty straightforward :

  1. Unpack a set of new files on top of the existing tree
  2. Run a PHP script to perform any database table upgrades

  Pretty straightforward, assuming that there are no hiccups along the way, right ? And the vast majority of the time, that’s the case. Until it’s not. I had an upgrade go south about a year and a half ago (I wasn’t the only MW installation to have the problem at the time, I learned). While I do have proper backups, it still threw me for a loop and I worked for about an hour to restore the previous version of the site. That experience understandably left me a bit gun-shy about upgrading the wiki.

  But upgrades must happen, especially when security notices come out. Eventually, I created a Trello template with a solid, 18-step checklist for upgrading MW as soon as a new version shows up. It’s still a chore, just not so nerve-wracking when the steps are all enumerated like that.

  As I compose the post, I think I recall my impetus for wanting to refresh from the 16.04 VM. 16.04 used PHP 7.0. I wanted to upgrade to the latest MW, but if I tried to do so, it warned me that it needed PHP 7.4. So I initialized the new 18.04 VM as described above… only to realize that PHP 7.2 is the default on 18.04. You need to go all the way to 20.04 for 7.4 standard. I’m sure it’s possible to install later versions of PHP on 16.04 or 18.04, but I appreciate going with the defaults provided by the distro.

  I figured I would just stay with MediaWiki 1.34 series and eschew 1.35 series (requiring PHP 7.4) for the time being… until I started getting emails that 1.34 would go end-of-life soon. Oh, and there are some critical security updates, but those are only for 1.35 (and also 1.31 series which is still stubbornly being maintained for some reason).

  So here I am with a fresh Ubuntu 20.04 VM running PHP 7.4 and MediaWiki 1.35 series.

  How Much Process ?

  Anyone who decides to host on VPSs vs, say, shared hosting is (or ought to be) versed on the matter that all your data is your own problem and that glitches sometimes happen and that your VM might just suddenly disappear. (Indeed, I’ve read rants about VMs disappearing and taking entire un-backed-up websites with them, and also watched as the ranters get no sympathy– “yeah, it’s a VM ; the data is your responsibility”) So I like to make sure I have enough notes so that I could bring up a new VM quickly if I ever needed to.

  But the process is a lot of manual steps. Sometimes I wonder if I need to use some automation software like Ansible in order to bring a new VM to life. Why do that if I only update the VM once every 1-3 years ? Well, perhaps I should update more frequently in order to ensure the process is solid ?

  Seems like a lot of effort for a few websites which really don’t see much traffic in the grand scheme of things. But it still might be an interesting exercise and might be good preparation for some other websites I have in mind.

  Besides, if I really wanted to go off the deep end, I would wrap everything up in containers and deploy using D-O’s managed Kubernetes solution.

  The post Small Time DevOps first appeared on Breaking Eggs And Making Omelettes.

• ffmpeg : merge two video gives error

  7 février 2015, par gderaco

  Command is :

  ./ffmpeg -i /sdcard/video.mp4 -i /sdcard/video-zoom.mp4 -strict -2 -threads 5 -preset ultrafast -filter_complex [0:0][0:1][1:0][1:1]concat=n=2:v=1:a=1[v][a] -map ’[v]’ -map ’[a]’ /sdcard/video-final.mp4

  Output is : WARNING : linker : ./ffmpeg has text relocations. This is
  wasting memory and is a security risk. Please fix. ffmpeg version
  n2.4.2 Copyright (c) 2000-2014 the FFmpeg developers built on Oct 7
  2014 15:08:46 with gcc 4.8 (GCC) configuration : —target-os=linux
  —cross-prefix=/home/sb/Source-Code/ffmpeg-android/toolchain-android/bin/arm-linux-androideabi-
  —arch=arm —cpu=cortex-a8 —enable-runtime-cpudetect —sysroot=/home/sb/Source-Code/ffmpeg-android/toolchain-android/sysroot —enable-pic —enable-libx264 —enable-libass —enable-libfreetype —enable-libfribidi —enable-fontconfig —enable-pthreads —disable-debug —disable-ffserver —enable-version3 —enable-hardcoded-tables —disable-ffplay —disable-ffprobe —enable-gpl —enable-yasm —disable-doc —disable-shared —enable-static —pkg-config=/home/sb/Source-Code/ffmpeg-android/ffmpeg-pkg-config —prefix=/home/sb/Source-Code/ffmpeg-android/build/armeabi-v7a-neon —extra-cflags=’-I/home/sb/Source-Code/ffmpeg-android/toolchain-android/include
  -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fno-strict-overflow -fstack-protector-all -mfpu=neon’ —extra-ldflags=’-L/home/sb/Source-Code/ffmpeg-android/toolchain-android/lib
  -Wl,-z,relro -Wl,-z,now -pie’ —extra-libs=’-lpng -lexpat -lm’ —extra-cxxflags= libavutil 54. 7.100 / 54. 7.100 libavcodec 56. 1.100 / 56. 1.100 libavformat 56. 4.101 /
  56. 4.101 libavdevice 56. 0.100 / 56. 0.100 libavfilter 5. 1.100 / 5. 1.100 libswscale 3. 0.100 / 3. 0.100 libswresample 1. 1.100 / 1. 1.100 libpostproc 53. 0.100 /
  53. 0.100 Input #0, mov,mp4,m4a,3gp,3g2,mj2, from ’/sdcard/video.mp4’ : Metadata :
  major_brand : mp42
  minor_version : 0
  compatible_brands : mp42isomavc1
  creation_time : 2010-03-20 21:29:11
  encoder : HandBrake 0.9.4 2009112300 Duration : 00:00:05.57, start : 0.000000, bitrate : 551 kb/s
  Stream #0:0(und) : Video : h264 (Constrained Baseline) (avc1 / 0x31637661), yuv420p(tv, bt709), 560x320, 465 kb/s, 30 fps, 30 tbr,
  90k tbn, 60 tbc (default)
  Metadata :
  creation_time : 2010-03-20 21:29:11
  encoder : JVT/AVC Coding
  Stream #0:1(eng) : Audio : aac (mp4a / 0x6134706D), 48000 Hz, mono, fltp, 83 kb/s (default)
  Metadata :
  creation_time : 2010-03-20 21:29:11 Input #1, mov,mp4,m4a,3gp,3g2,mj2, from ’/sdcard/video-zoom.mp4’ : Metadata :
  major_brand : isom
  minor_version : 512
  compatible_brands : isomiso2avc1mp41
  encoder : Lavf56.4.101 Duration : 00:00:05.00, start : 0.000000, bitrate : 1901 kb/s
  Stream #1:0(und) : Video : h264 (Constrained Baseline) (avc1 / 0x31637661), yuvj420p(pc), 1280x720, 1899 kb/s, 25 fps, 25 tbr, 12800
  tbn, 50 tbc (default)
  Metadata :
  handler_name : VideoHandler

  Stream specifier ’:1’ in filtergraph description
  [0:0][0:1][1:0][1:1]concat=n=2:v=1:a=1[v][a] matches no streams.

  ---

• How to keep personally identifiable information safe

  23 janvier 2020, par Joselyn Khor
  The protection of personally identifiable information (PII) is important both for individuals, whose privacy may be compromised, and for businesses that may have their reputation ruined or be liable if PII is wrongly accessed, used, or shared.

  Curious about what PII is ? Here’s your introduction to personally identifiable information.

  Due to hacking, data leaks or data thievery, PII acquired can be combined with other pieces of information to form a more complete picture of you. On an individual level, this puts you at risk of identity theft, credit card theft or other harm caused by the fraudulent use of your personal information.

  On a business level, for companies who breach data privacy laws – like Cambridge Analytica’s harvesting of millions of FB profiles – the action leads to an erosion of trust. It can also impact your financial position as heavy fines can be imposed for the illegal use and processing of personally identifiable information.

  So what can you do to ensure PII compliance ?

  On an individual level :

  1. Don’t give your data away so easily. Although long, it’s worthwhile to read through privacy policies to make sure you know what you’re getting yourself into.
  2. Don’t just click ‘agree’ when faced with consent screens, as consent screens are majorly flawed. Users mostly always opt in without reading and without being properly informed what they opt in to.
  3. Did you know you’re most likely being tracked from website to website ? For example, Google can identify you across visits and websites. One of the things you can do is to disable third party cookies by default. Businesses can also use privacy friendly analytics which halt such tracking. 
  4. Use strong passwords.
  5. Be wary of public wifi – hackers can easily access your PII or sensitive data. Use a VPN (virtual private network), which lets you create a secure connection to a server of your choosing. This allows you to browse the internet in a safe manner.

  A PII compliance checklist for businesses/organisations :

  1. Identify where all PII exists and is stored – review and make sure this is in a safe environment.
  2. Identify laws that apply to you (GDPR, California privacy law, HIPAA) and follow your legal obligations.
  3. Create operational safeguards – policies and procedures for handling PII at an organisation level ; and building awareness to focus on the protection of PII.
  4. Encrypt databases and repositories where such info is kept.
  5. Create privacy-specific safeguards in the way your organisation collects, maintains, uses, and disseminates data so you protect the confidentiality of the data.
  6. Minimise the use, collection, and retention of PII – only collect and keep PII if it’s necessary for you to perform your legal business function.
  7. Conduct privacy impact assessments (PIA) to find and prevent privacy risks (identify what and why it’s to be collected ; how the information will be secured etc.).
  8. De-identify within the scope of your data collection and analytics tools.
  9. Anonymise data.
  10. Keep your privacy policy updated.
  11. Pseudonymisation.
  12. A more comprehensive guide for businesses can be found here : https://iapp.org/media/pdf/knowledge_center/NIST_Protecting_PII.pdf

  Unsure of what information could be considered PII ? Check out this list of examples.

  Additional resources :

  • https://www.umassmed.edu/it/security/compliance/what-is-pii/
  • http://www.osec.doc.gov/opog/privacy/PII_BII.html