Universe's Blog

I’ve been messing around with Amazon EC2 recently, and I’ve discovered that most things can’t be done using available GUI based tools (such as AWS Management Console, Elasticfox etc.) So, whilst actually using the command line tools isn’t too bad (especially if you’re following guides), setting them up is a bit of a pain. I thought I’d just do a quick write up on the steps involved. (Just a note, “I:\” is my system drive. On most systems, this will most likely be “C:\”. )

1. Download the Amazon EC2 API Tools from here.
2. The zip archive will contain a folder named something like “ec2-api-tools-1.3-51254″. You will need to extract the contents of this folder to a location on your HDD. (In my case, “I:\Apps\EC2″)
3. Installing Java is a prerequisite, so make sure you’ve got it installed and set up on your system.
4. Now, you will need to set up the environment variables so you don’t have to constantly point the EC2 tools to various locations. You can do this two ways:
   • Using the command prompt and the set command. (E.G. To set the environment variable “TEST” to “I:\test.txt” you would write “set TEST=I:\test.txt” in the command prompt.) This method is temporary, and you will lose the these when you restart the command prompt.
   • Set them using the appropriate Windows System settings as “System Variables.” (See this guide.) This method is permanent, though I noticed I needed to restart the computer to make it work with Console2, an alternate command prompt window I use.
5. You will need to set the following environment variables:
   • JAVA_HOME = The location of your Java Runtime Environment home directory. (In most systems, it will be “C:\Program Files\Java\jre6″ or “C:\Program Files (x86)\Java\jre6″.)
   • EC2_Home = The location you extracted the tools in Step 2. (In my case: I:\Apps\EC2)
   • You will need to add the location of the “bin” folder in your EC2 tools folder to the end of your “PATH” variable. (I.E. You can use “set PATH=%PATH%;%EC2_HOME%\bin” in command prompt or just open up the system variable editor and add it to the end – separating each path with a semicolon: “;”).
   • When you create a new EC2 account, Amazon will require you to create a X.509 certificate and private key for said certificate. You will need to have these two files on your computer. (Check here if you need to create a new certificate.) You will need to create two variables: EC2_CERT (which points to your certificate file, cert-….pem) and EC2_PRIVATE_KEY (which points to your private key, pk-….pem).
6. Once you’ve done that, you should be able to use all the available EC2 API tools from your Windows machine.

Notes:

• I noticed that for the EC2_CERT and EC2_PRIVATE_KEY (and possibly EC2_HOME) environment variables, it would error if I enclosed the paths with double quotes(“”).

References: [1], [2], [3]

On the back of all the issues Facebook is having with privacy and how generally, you don’t want to trust such a company with your data, I came across a way whilst browsing to use Firefox’s Adblock Plus plugin to ensure that external sites can’t access any Facebook domains. This should, ideally, stop any third-party site from accessing your information or even using an exploit for malicious purposes.

You can do this via adding the follow four filters to Adblock plus: (Go to preferences –> Filters –> Add filter and repeat for each line.)

||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

References: [1], [2]

This is just a write-up that I’m doing, mainly, so I won’t forget this in the future. This is just a basic guide to creating a basic self-signed SSL certificate that can be used with a local WAMP server for testing and such. Being self-signed, it will still throw up exceptions, but it is fine for testing purposes, or for encryption only uses. (Where verification isn’t really important/necessary.)

The commands are as follows:

openssl genrsa -des3 -out server.key 4096
copy server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl req -new -x509 -nodes -sha1 -days 9999 -key server.key -out server.crt

The first line creates a 4096bit private key called “server.key”. OpenSSL will prompt for you a pass phrase to generate the key. The second line creates a copy of this key at “server.key.org” (just-in-case). The third line tells OpenSSL to remove the pass phrase from the original private key, “server.key.org”, and overwrite “server.key”. We then create the SSL certificate using the fourth line. Given we’re only really going to be using the certificate for testing purposes, you can give it any length (i.e. in my example I’ve used 9999).

OpenSSL, at this point, will ask you for some details. This includes Country Name, State/Province, Locality, Organisational Name, Organisation Unit and Email. These can all be filled out according to preference. The important field is “Common Name” which should be the FQDN. (If you want to use a wildcard certificate use “*.mydomain.myext”). After that’s all done, you will need to point your web server (in my case, Apache) to server.key and server.crt.

References: [1]