Show HN: Ssh2ec2 – Connect to EC2 instances via tags/metadata instead of hostname

I am not a fan of assigning DNS names to EC2 instances as I feel it goes against the ethos of
treating instances as temporary, ephemeral units of processing power. Cattle, rather than pets.

In the world of dynamic autoscaling groups, why would an instance need a domain name?

I do not need to route traffic to it – it sits behind an ELB.

I do not need to identify it by hostname in my monitoring and alerting platforms – EC2 tags are well-entrenched
in the modern DevOps ecosystem, and provide a lot more flexibility when it comes to grouping and aggregating data.

There is only one downside to this approach – sometimes a member of the herd requires some individual TLC. Just
as one of the cattle might require a vet’s personal attention to apply some medicine, an
EC2 instance might require the attention of a sysadmin because its response times are spiking in comparison
to the rest of the cluster.

No matter how good your deployment procedure, or how immutable your infrastructure, sometimes you just need to
hop on to an instance and do some good old-fashioned troubleshooting.

But if your instances do not have predictable hostnames, you need a way to find the generated public DNS name before you
can open your SSH session.

The most low-tech – if anything relating to AWS can be described as low-tech – method is to open up the web console,
filter the list of instances, copy the instance’s IP or public DNS name, and paste it in to the terminal. This involves
something I strongly dislike – taking my hands off of the keyboard to use the trackpad or mouse.

Another option is to use your configuration management tool to discover the instance’s IP or execute a command
on the remote instance. Most tools provide some method of addressing EC2 instances via their tags:

salt -G 'ec2_tags:environment:production' test.ping

This Salt command would cause any instances with an ‘environment=production’ tag to respond to the test ping. I could
use this to discover the public DNS name of my target instance without leaving the comfort of the terminal, but it
still involves too much typing and relies on there being a configuration management system in place.


As an ardent follower of the XKCD1319 protocol, I decided to write
a little script to help save some future typing.

ssh2ec2 is a wrapper around ssh which allows you to
use EC2 tags and metadata to select the destination hostname.

Install it with pip (pip install ssh2ec2) and give it a try:

# Connect to an instance named Nginx
ssh2ec2 --tag Name=nginx

# Connect to any web instance in production
ssh2ec2 --tag role=web --tag environment=production

# Connect to any t2.micro instance in us-east-1a
ssh2ec2 --availability-zone us-east-1a --instance-type t2.micro

To see a list of supported filters run ssh2ec2 --help.

If there are multiple instances you will be connected to one of these at random.

Any additional arguments are passed to ssh. You can run a command on the instance with:

ssh2ec2 --tag role=web uname -a

Or on all matching instances with:

ssh2ec2 --all-matching-instances --tag role=web uname -a

This is not supposed to be a replacement for a proper configuration management system!

Due to the way Python’s argparse module handles the arguments you need to use a slightly different
syntax if you want to pass command line arguments to SSH. The following commands are functionally

ssh2ec2 --tag role=web "-i /path/to/key echo hello"
ssh2ec2 --tag role=web --ssh-args "-i /path/to/key" echo hello

I hope this helps save you some typing.
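The selection logic described above, as an added example (not ssh2ec2's own code, whose internals this page does not show): tag and metadata options become EC2 DescribeInstances filters, and the ssh command is built as an argument list rather than a shell string. The parser name tag-ssh, the running-state filter and the sample response are assumptions constructed for illustration.

```python
import argparse
import random
import shlex

# Constructed sample, shaped like an EC2 DescribeInstances response.
SAMPLE_RESPONSE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "PublicDnsName": "ec2-198-51-100-10.compute-1.amazonaws.com"},
    {"InstanceId": "i-0bbb", "PublicDnsName": ""},  # no public DNS name
    {"InstanceId": "i-0ccc", "PublicDnsName": "ec2-198-51-100-11.compute-1.amazonaws.com"},
]}]}


def parse_args(argv):
    p = argparse.ArgumentParser(prog="tag-ssh")  # hypothetical wrapper name
    p.add_argument("--tag", action="append", default=[], metavar="KEY=VALUE")
    p.add_argument("--availability-zone")
    p.add_argument("--instance-type")
    # Written as --ssh-args=VALUE so a value starting with "-" binds to this option.
    p.add_argument("--ssh-args", default="")
    p.add_argument("command", nargs=argparse.REMAINDER)
    return p.parse_args(argv)


def build_filters(args):
    # EC2 DescribeInstances filters; assumption: only running instances are wanted.
    filters = [{"Name": "instance-state-name", "Values": ["running"]}]
    for item in args.tag:
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError(f"expected KEY=VALUE, got {item!r}")
        filters.append({"Name": f"tag:{key}", "Values": [value]})
    if args.availability_zone:
        filters.append({"Name": "availability-zone", "Values": [args.availability_zone]})
    if args.instance_type:
        filters.append({"Name": "instance-type", "Values": [args.instance_type]})
    return filters  # would be passed as describe_instances(Filters=...)


def public_hosts(response):
    """Public DNS names of the matches; instances without one are skipped."""
    return [i["PublicDnsName"] for r in response["Reservations"]
            for i in r["Instances"] if i.get("PublicDnsName")]


def ssh_argv(host, ssh_args, command):
    # An argv list reaches ssh without a local shell; "--" keeps a host
    # value that begins with "-" from being read as an ssh option.
    return ["ssh", *shlex.split(ssh_args), "--", host, *(command or [])]


if __name__ == "__main__":
    args = parse_args(["--tag", "role=web", "--ssh-args=-i /path/to/key", "echo", "hello"])
    print(build_filters(args))
    print(ssh_argv(random.choice(public_hosts(SAMPLE_RESPONSE)), args.ssh_args, args.command))
```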


Google Cloud Platform signs up enterprise giants, how does it compare to AWS?

At the 2016 Google Cloud Platform Next conference, company leaders laid out the next steps in its plan to stay competitive in the cloud.


Google axes the Chrome App Launcher

Google today said it would retire its Chrome App Launcher on Windows, OS X and Linux in July, citing user indifference.

“We’ve found that users on Windows, Mac, and Linux prefer to launch their apps from within Chrome,” said Marc Pawliger, a Chrome engineering director, in a short post to a company blog Wednesday.

“Beginning in a few weeks, Chrome will no longer enable the launcher when users first install a Chrome app,” Pawliger added. “Anyone who currently has the launcher will receive a notice informing them that the launcher will be going away. In July, existing instances of the launcher will be removed.”


Google Cloud Platform — Greene’s mean cloud means business

Google Cloud Platform is kicking business butt, says Google. SVP Diane Greene is pleased to announce new marquee customers and new cloud features.

But Google is a long way behind its two main competitors: Amazon AWS and Microsoft Azure. Watch this space to see how Greene will persuade businesses to deploy on GCP.

In IT Blogwatch, bloggers virtualize and containerize. Your humble blogwatcher curated these bloggy bits for your entertainment.


Amazon RDS for SQL Server – Support for Windows Authentication

Regular readers of this blog will know that I am a big fan of Amazon Relational Database Service (RDS). As a managed database service, it takes care of the more routine aspects of setting up, running, and scaling a relational database.

We first launched support for SQL Server in 2012. Since that time we have added many features including SSL support, major version upgrades, transparent data encryption, and Multi-AZ.  Each of these features broadened the applicability of RDS for SQL Server and opened the door to additional use cases.

Many organizations store their account credentials and the associated permissions in Active Directory. The directory provides a single, coherent source for this information and allows for centralized management.  Given that you can use the AWS Directory Service to run the Enterprise Edition of Microsoft Active Directory in the AWS Cloud,  it is time to take the next step!

Support for Windows Authentication
You can now allow your applications to authenticate against Amazon RDS for SQL Server using credentials stored in the AWS Directory Service for Microsoft Active Directory (Enterprise Edition). Keeping all of your credentials in the same directory will save you time and effort because you will no longer have to find and update each copy. This may also improve your overall security profile.

You can enable this feature and choose an Active Directory when you create a new database instance that runs SQL Server. You can also enable it for an existing database instance. Here’s how you choose a directory when you create a new database instance (you can also create a new one):

To learn more, read about Using Microsoft SQL Server Windows Authentication with a SQL Server DB Instance.

Now Available
This feature is now available in the US East (Northern Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Sydney), Asia Pacific (Tokyo), and Asia Pacific (Singapore) Regions and you can start using it today. There is no charge for the feature, but you will pay the standard rate for the use of AWS Directory Service for Microsoft Active Directory.





Intel Corp. Officially Kills “Tick-Tock”

About a decade ago, PC processor giant Intel (NASDAQ:INTC) announced that it would be pursuing a new chip development methodology known as “Tick-Tock.” Under this development model, the company would transition its latest architecture to a new manufacturing technology, reaping performance, power, and cost benefits in the process. Intel called this a “tick.”

Then, as that manufacturing technology matured and chip design teams became more familiar with the technology, the company would introduce a brand-new chip design on a pre-established process. Intel referred to this as a “Tock.”

However, back in mid-2015, Intel admitted that its 10-nanometer technology was in rough shape and wouldn’t go into production at the end of the year as expected. In the company’s most recent form 10-K filing, it went ahead and officially declared “Tick-Tock” dead.

The official word
Intel’s wording in the form 10-K filing is as follows:

“We expect to lengthen the amount of time we will utilize our 14 [nanometer] and our next-generation 10 [nanometer] process technologies, further optimizing our products and process technologies while meeting the yearly market cadence for product introductions.”

The company even includes an interesting visual aid to contrast the differences between the previous methodology and the current one:


Image credit: Intel.

Intel says that its third 14-nanometer product, known as Kaby Lake, will have “key performance advancements as compared to [its] 6th generation Core processor family.” The extent of these enhancements is clear, but leaks to the Web suggest enhancements to graphics and media.

What else Intel says about its chip manufacturing technology in the 10-K
Interestingly, in the 10-K filing, Intel claims that it has “long been a leader in silicon process technology and manufacturing” and that it “aim[s] to continue [its] lead through investment in this critical area.”

Intel further goes on to say that it believes that it has a “competitive advantage” as a result of manufacturing chips “in [its] own facilities.” This advantage, the chip giant claims, “enables [Intel] to optimize performance, shorten time-to-market, and scale new products more rapidly.”

Continuing further, the company indicates that “this competitive advantage will be extended in the future as the costs to build leading-edge fabrication facilities increase, and as fewer semiconductor companies will be able to leverage platform design and manufacturing.”

This all sounds really good in theory, but Intel’s competition has been quite aggressively moving from one technology to the next and it’s not at all clear to me that the chipmaker will be able to sustain this competitive advantage out in time.

Indeed, from what Intel-rival TSMC (NYSE:TSM) has disclosed about its 7-nanometer manufacturing technology (which is expected to go into production in the first half of 2018), it should be very similar in terms of transistor density to Intel’s 10-nanometer technology (both will employ Self-Aligned Quad Patterning for critical metal layers, for example, allowing them to achieve similar metal pitches).

That said, although Intel and TSMC will probably match up in terms of density, transistor performance and power characteristics remain an unknown for both. We’ll learn more once both companies publish technical papers at major semiconductor conferences such as the International Electron Devices Meeting (IEDM) or the VLSI Symposium.


StartCom logs all issued SSL certificates to public CT log servers

Mar. 23, 2016

Eilat, Israel – 23rd Mar. 2016.

StartCom, a leading global Certificate Authority (CA) and provider of trusted identity and authentication services, announces the logging of all SSL certificates it issues to the public Certificate Transparency (CT) log servers starting today. All issued SSL certificates will contain the special embedded SCT data necessary to verify the log submission. With this, StartCom demonstrates transparency which is not only beneficial to StartCom’s worldwide subscribers, but also beneficial to all Internet security stakeholders, such as domain owners, certificate authorities, and browser manufacturers, who have a vested interest in maintaining the health and integrity of the StartCom SSL certificate system.

This implementation is stricter than Google Chrome’s current requirements, which apply today only to Extended Validation (EV) SSL certificates; StartCom will log all issued SSL certificates to at least 3 public CT log servers and embed the SCT data into the certificates, demonstrating true transparency.

Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.

Certificate Transparency strengthens the chains of trust that extend from CAs all the way down to individual servers, making HTTPS connections more reliable and less vulnerable to interception or impersonation. But what’s more, as a general security measure, Certificate Transparency helps guard against broader Internet security attacks, making browsing safer for all users.


From inside Facebook

Note from Robin:

This saga appeared in my secure dropbox late last month, along with a plea to post it on Facebook today in exactly the format you see here. I gather I’m not the only one to have received those instructions. I can’t vouch for the authenticity of the story, but I thought it was certainly weird and interesting enough to share.


The last thing I want to do is write this down, but I’m doing it anyway, partially because people ought to know what’s happening with the things they post here, but mainly (like 99%) because of Julie Rubicon and the spike.

My former peeps at Facebook Inc. of Menlo Park, California—hi Jane; hi Neel; hi… Mark?—will know immediately who’s written this, and the company will probably pursue me, but I predict it will do so quietly. The SEC won’t be so discreet, if indeed there is a rule covering the deeds that follow, but honestly… I’m not sure there is.

I’m typing this on February 27, 2016. Today was my last day at Facebook. I turned in my badge and my laptop and I walked onto Willow Road with a flash drive containing the images you’ll see below. Outside, I watched the dogfood builds disappear from my phone’s home screen one by one.

It feels strange not to be a Facebook employee, even though I spent most of my time there expecting to be fired. I started on the product team, where I did not excel, moved over to ads, which was worse, and ended up in PIG.

Facebook offers, to certain of its largest advertising clients, the services of the Partner Intelligence Group. PIG is where my story begins.

Any individual user of Facebook sees only a narrow, personalized slice of the system. Facebook itself has a broader view. From my desk in the PIG pod, I could run queries across all posts and comments, public and non-public. Private messages, too. I could ask: how many people on Facebook talked about the U.S. presidential election today? How many of them posted something about Donald Trump? How many of those posts included the


Congas, Sambas and Falling Plaster

Billy Joel (Credit: Columbia)


I was 15 years old, sitting cross-legged next to my friend Mascha on a cork-tile floor at Mammoth Gardens, a roller-skating rink built in 1910. Plaster, occasionally, was falling from the ceiling – because the band on the stage that night was the drum-heavy Santana, which had just released its 1970 album “Abraxas.” That’s the album with the breakout singles “Black Magic Woman,” “Oye Como Va” and the beautiful “Samba Pa Ti.”

What we thought was seriously cool then has held up pretty well. “Abraxas” has just been added to the Library of Congress National Recording Registry, which recognizes sound recordings worthy of permanent preservation on grounds they have cultural, artistic or historic importance. This year’s offerings also include Billy Joel’s single “Piano Man.” Said Joel, “Some may not know that it was not initially a retail success. It was, however, considered a ‘turntable hit’, due to widespread airplay of various ‘album tracks’ by progressive FM radio stations around the country. Both the single and the album ‘Piano Man’ eventually went on to achieve ‘platinum’ status, thanks to that kind of free-form radio airplay.

“I personally owe a great deal of thanks to those independent disk jockeys who did not have to adhere to the restrictions of ‘program consultants’ and ‘hit formats’ as commercial radio does today,” added Joel (who received the Library’s Gershwin Prize for Popular Song two years ago). “They took the risk of broadcasting new and unproven music, based mostly on listener requests and their own enthusiasm for the recording artists of that time.”

The other recordings among this year’s 25 selections range from Gloria Gaynor’s “I Will Survive” to blues numbers, a landmark Zydeco album, a frenzied 1938 Mahler’s Ninth that foreshadowed Hitler’s invasion of Austria and the speech by U.S. Secretary of State George Marshall that kicked off the “Marshall Plan” that gave hope to citizens of the European nations devastated by World War II.

The registry also includes George Carlin’s icon-smashing “Class Clown,” the fourth quarter of Wilt “The Stilt” Chamberlain’s astounding 100-point basketball game in 1962; the LP in which Metallica stopped thrashing and took metal music in a new direction; and two variations on the song “Mack the Knife,” by Louis Armstrong and Bobby Darin.

(I had a boss once who used to deliberately botch the words of “Mack.” “Oh, the snark bites, with its feet, dear …” Try working on deadline with that distraction!)

Congress created the National Recording Registry (which now holds 450 designated recordings) to preserve these sounds of our times for posterity. You can nominate recordings of all kinds to become part of the registry, and you should. Here’s the link where you can have your say.

