Author Archives: Yuriy

Fire Tablet setup: How to skip Amazon registration

Fire tablets are great cheap Android tablets, but they’re tied to Amazon ecosystem, which sucks. You used to be able to skip Amazon registration during setup, but on newer devices you can’t anymore.

Except you still can.

During setup you’re presented with “Register your fire” screen, and “Continue” button, and no way to bypass it. Follow these steps:

  1. Tap “New to Amazon? Start here” link.
  2. “Choose Country or Region” screen appears – select any country
  3. “Create an Amazon Account” screen appears. Instead of entering name, email, and password just tap “Close” button

You’re back in the original “Register your fire” screen, but now in addition to “Continue” button you will see “Not now” that lets you skip the registration.

Now you’re free to install an appstore of your choice e.g. F-Droid or Google Play Store and use it as a regular Android tablet.

Force add file permission in git.

I was working on a Windows laptop with a repo originally created on Mac, and git arbitrary changed bash script file permission from 755 to 644.

I was able to change it back by updating git index

git update-index --chmod=+x script.sh

But I couldn’t commit this change, because as far as git was concerned nothing in the file changed. But I was able to force-add the change

git add --chmod=+x -- script.sh

After that I was able to commit and push the change.

Just let TypeScript do its thing

It is a well known fact that compile-time errors during development are easier and cheaper to catch than runtime ones in production. Unfortunately people keep forgetting that simple fact. Let me tell you a little story about AWS Lambda hiccup, and how it could easily be avoided.

A developer wrote a simple Lambda function in TypeScript that would receive a parameter of the following type:

interface Notification {
    slack?: {
        notify: boolean
    };
    github?: {
        notify: boolean
    };
}

The logic is simple – if slack.notify is true – send slack notification. If github.notify is true – send github commit status notification. The function deployed without issues, and it does send slack notifications. There is one problem: often it would send the same slack notification 3 times in a row. Continue reading →

Scan standalone CDK constructs for misconfiguration

Vulnerability scanners like checkov have become a de facto standard for scanning IaC for possible misconfigurations. They can scan terraform configs, AWS CloudFormation templates, even – in a sense – CDK stacks, because they synthesize into CloudFormation templates that can be scanned.

In order to produce synthesized templates from stacks you have to have a full-blown CDK application. But what if you’re developing a standalone CDK construct as a library, to be used as a dependency in a CDK app? There is a way to scan it for vulnerabilities as well. Continue reading →

Override private methods in TypeScript

First things first: a word of caution – do this only if you absolutely have to. TypeScript has these checks for a reason, and probably in 99% of the cases you should respect and abide these restrictions. But if your scenario falls within the 1% where you must in a subclass override a private method of a superclass – this post shows a way to do this.

Let’s say we have a class that defines a generic starship, and what happens to it when it’s hit by a weapon:

type Hit = 'phaser' | 'antimatter spread' | 'photon torpedo'
 
class Starship {
    private totalDamage: number;
 
    constructor(private shipName: string) {
        this.totalDamage = 0;
    }
 
    private addDamage(damage: number) {
        this.totalDamage += damage;
    }
 
    public isHitBy(hit: Hit) {
        console.log(`${this.shipName} is hit by ${hit}!`)
 
        switch(hit) {
            case 'phaser':
                this.addDamage(100);
                break;
            case 'antimatter spread':
                this.addDamage(300);
                break;
            case 'photon torpedo':
                this.addDamage(500);
                break
        }
    }
}

You can create your own class of starship based on this generic class, then build a ship of the new class, and simulate it being hit by a weapon: Continue reading →

Reverse values into variables in tmplr

tmplr is a versatile templating tool that lets you quickly create a repository from a template customized for your needs. By running a recipe it can substitute placeholder variables with your own values making the repository truly your own. For example it can update package.json with dynamic values from git context. It can do much more, put for the purpose of this post we will concentrate on literal values in code files.

Let’s say you have a JavaScript code that performs some AWS SDK/CDK actions, and it requires AWS account IDs – for dev and prod deployment. In a regular repo you would define config.js something like this:

const awsAccounts = {
   dev: '1234567890',
   prod: '0987654321'
}

But if we’re building a template repo – we don’t want to hardcode those values. Instead we could use tmplr placeholder variables:

const awsAccounts = {
   dev: '{{ tmplr.dev_account_id }}',
   prod: '{{ tmplr.prod_account_id }}'
}

Save this file as config.tmplr.js – it becomes our template. A user of your template then can create a tmplr recipe: Continue reading →

Synthesize only stacks you need in CDK

CDK documentation states that if you supply stack name(s) to CLI commands like cdk synth, cdk list, or cdk deploy – it will synthesize only the stacks you requested. But in reality this is not the case, CDK will always synthesize all stacks – and it may lead to unintended consequences.

Let’s say you have following stack declarations in your lib/my-stacks.ts code:

import * as cdk from 'aws-cdk-lib';
 
export class Stack1 extends cdk.Stack {};
export class Stack2 extends cdk.Stack {};
export class AnotherStack extends cdk.Stack {};
export class YerAnotherStack extends cdk.Stack {};

And in your app’s entry point bin/my-stacks.ts you instantiate those stacks:

import * as cdk from 'aws-cdk-lib';
import * as stacks from '../lib/my-stacks'
 
const app = new cdk.App();
 
new stacks.Stack1(app, "Stack1");
new stacks.Stack2(app, "Stack2");
new stacks.AnotherStack(app, "AnotherStack");
new stacks.YerAnotherStack(app, "YetAnotherStack");

And then issue a CLI command to synthesize stacks, but you only want to synthesize “Stack1” and “AnotherStack”: Continue reading →

Enable ActivityPub Plugin on Bitnami WordPress instance with LetsEncrypt

ActivityPub plugin is a very cool piece of WordPress addition. With this plugin installed users of Mastodon and other such federated platforms that support ActivityPub can follow your blog as if it were another instance on the Fediverse.

Unfortunately if you run a Bitnami instance of WordPress (for example one provided by AWS LightSail with LetsEncrypt service providing a TLS certificate for you site – you may encounter an incompatibility issue. LetsEncrypt uses /.well-known/acme-challenge path on your site for certificate validation, but ActivityPub plugin uses /.well-known/webfinger path to return relevant profile information. It conflicts with LetsEncrypt and the WebFinger path returns “404 – not found”.

Fortunately there is an easy fix. Continue reading →

Wait for AWS region to become available

AWS CLI has a nifty useful command to enable/opt-in a region on your account – account enable-region e.g.

aws account enable-region --region-name af-south-1

There is a caveat though – this command only begins to enable the region. The process could take a while, but the command exits right away. But what if you need do something with the region when it becomes available? Say you’re running a script and you need to bootstrap the region when its enabled. You need some way to wait for the enablement to finish. Luckily there is another AWS CLI command that lets you check the status of the region – ec2 describe-regions, e.g.

aws ec2 describe-regions --region-names af-south-1

One of the properties it return is whether the region is enabled/opted-in or not. Combining this with a little of bash magic – we can come up with a waiting routine:

aws account enable-region --region-name af-south-state=not-opted-in
until [ "$state" = "opted-in" ]
do
   echo Waiting for af-south-1...
   sleep 5
   state=$(aws ec2 describe-regions --region-names af-south-1 --query "Regions[0].OptInStatus" --output text)
done

Here on the Line 1 we execute command that initiates enabling region. And the rest is a loop: wait 5 seconds, and check the status of the region. Loop exits when the status becomes “opted-in”. At this point we know that the region has been enabled, and can proceed with using it.