Monday, October 29, 2012

Allow Cyberduck to login to Amazon S3

If you have created a user in the Amazon IAM Console and wish to allow them to use Cyberduck to connect to Amazon S3 you need to grant them the ability to list all the buckets. This is done by applying a policy on the user of:


{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}


This means they can see all the buckets that exist on your account but can't actually see then contents of them without getting some policies applied on specific buckets.

This all comes about from the way Cyberduck does it's initial login to Amazon S3.

Update: If you just connect directly to the bucket using it's bucket name as part of the hostname (eg www.example.com.s3.amazonaws.com), you don't need to grant this permission but you do get an SSL issue.

Thursday, July 05, 2012

virsh vol-upload error

I was attempting to upload a file into a volume using virsh with libvirt to a qemu/kvm hypervisor storage pool and I was getting:

vol-upload error: unknown procedure: 208


Turns out this is because the remote libvirt version was 0.7.5 and upload support wasn't added until 0.9.0. Hope this helps someone else.

Tuesday, June 05, 2012

tftpd on Mac OS X

Mac OS X comes with a TFTP daemon which is all setup to use launchctl, the only issue is it's disabled by default. launchctl allows you to override the disabled entry when loading the file so to use the TFTP daemon:

sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist

Then it will serve files up from /private/tftpboot/ just make sure they are readable by all. To shutdown the daemon just run:

sudo launchctl remove com.apple.tftpd

Monday, May 28, 2012

svn diff of just modified files

I was working against a project in which I had a few conflicts, but wanted to generate a patch containing some of the changes to that project, in this case I wanted files I had modified but not the ones that had conflicts. In short svn doesn't provide a way todo this but using a few additional tools it works fine:


svn st | awk '$1 == "M"{print $2;}'| xargs svn diff


Monday, March 19, 2012

Random Skype Disconnections

Recently I'd started having problems with Skype disconnecting several minutes into a call and losing internet access in other applications as well. This initially was only happening with Skype on the iPad so I put it down to bugginess on the iOS version of Skype crashing the router or something on the iPad, however I just had the same disconnection symptoms after about 5 minutes of a video call on my Mac. This time I went to the router's administration page and found that the router (Speedtouch ST780) hadn't recently rebooted but in the event log it said:

Mar 19 22:04:10IDS dos parser : udp flood (1 of 1) : 192.168.1.69 80.229.225.26 1018 UDP 65177->45237

Now this tied in exactly with the time of the call dropping so it looks like Skype is triggering the udp flood detection on the router. There isn't a simple way to disable this through the web interface. So you have to telnet to the router and issue the commands:


ids config state=disabled
saveall


which disables the intrusion detection system. I'm not too worried about this as the router doesn't have any real services listening on it's WAN IP and I trust all the internal clients. Anyway, hopefully problem solved for now.