Creating an application launcher in Ubuntu

  by Joseph Anthony C. Hermocilla, Principal Consultant

If you use Ubuntu as your primary desktop OS, you might need to create a launcher for applications not installed using apt so that it will be accessible on the dock. This short tutorial will guide you on how to do it. 

Let's say you have Mendeley, a reference manager, as an AppImage application. The first step is to determine the full path of the application.

You can also download a png icon for the app and place it in the path. For example,  I have the following files in the path as shown.

The mendeley.desktop text file contains the following.

[Desktop Entry]

Name=Mendeley

Exec=/home/jachermocilla/Programs/AppImage/mendeley/mendeley-reference-manager-2.97.0-x86_64.AppImage

Type=Application

Icon=/home/jachermocilla/Programs/AppImage/mendeley/mendeley.png

Go to the ~/.local/share/applications directory and create a symbolic link.

The application launcher is now searchable and can now be added to Favorites.

GoShrt: A simple URL shortener

  by Joseph Anthony C. Hermocilla, Principal Consultant

URL Shorteners allow users to convert very long URLs into shorter ones that are easier to remember. While preparing my presentation for a workshop, I decided that I could just make Heralli's own URL shortener instead of using popular products such as bit.ly and tiny.url. The result is GoShrt, a Flask App with SQLite3 as the database. The codebase is largely borrowed from this very nice DO tutorial. I Docker-ized the app so that it is easier to deploy.  I also added Captcha to prevent bots from abusing the app.  

One of the challenges I encountered while developing and deploying GoShrt is how to persist the contents of the database across container restarts. The solution is to use docker volumes. Only the source code for the app is placed in the container, the database is in a volume that is mounted on the container. 

Shown below are the contents of docker-compose.yml and Dockerfile, respectively, to achieve this.

At the production server, the local volume is created as shown below.

I enjoyed working on GoShrt. Using it to shorten URLs will also help in advertising Heralli. At the tech side, Python3, Flask, and SQLite3 will surely be my go-to tech stack when developing simple web apps with minimal performance and scalability requirements.

Contact us if you need help building web apps in Flask. We'd be glad to help.

How to market your SaaS? (according to ChatGPT)

 by Joseph Anthony C. Hermocilla, Principal Consultant

I decided to give ChatGPT a try. My prompt was "How do I market my Software-as-a-Service product?". Here's the suggestion (which makes sense):  

Marketing a Software-as-a-Service (SaaS) product requires a multi-pronged approach that focuses on creating awareness, generating leads, nurturing prospects, and converting them into paying customers. Here are some key steps you can take to market your SaaS product effectively:

• Define your target audience: Start by identifying who your ideal customer is, including their demographics, industry, pain points, and needs. This will help you tailor your marketing efforts and messaging to resonate with your target audience.
• Develop a strong value proposition: Your value proposition should clearly articulate how your SaaS product solves your target audience's problem, how it's different from other solutions in the market, and what benefits customers can expect to receive from using it.
• Build a strong online presence: Invest in creating a professional website, social media profiles, and other online channels that showcase your SaaS product and communicate its value proposition effectively.
• Use content marketing: Develop and share high-quality content that educates and informs your target audience about your SaaS product and how it can solve their problem. This can include blog posts, white papers, case studies, webinars, and videos.
• Leverage search engine optimization (SEO): Optimize your website and content for search engines to increase your visibility and attract more qualified traffic to your website.
• Use paid advertising: Consider using paid advertising channels such as Google Ads, social media ads, and sponsored content to reach a wider audience and generate leads.
• Use email marketing: Build an email list of prospects and customers and use targeted email campaigns to nurture leads and encourage them to sign up for your SaaS product.
• Provide excellent customer support: Satisfied customers are more likely to become advocates for your SaaS product and recommend it to others. Make sure you provide excellent customer support and actively solicit feedback to continually improve your product and service.

Overall, marketing a SaaS product requires a strategic and targeted approach that focuses on delivering value to your target audience, building trust, and creating a positive customer experience.

I think ChatGPT is really good as a writing assistant. Writing technical documentation will be a breeze. It can also help solve writer's block. Its suggestion can be used as a starting point for writers. At its current state though, some of its output are actually wrong so care must be taken when accepting them  as facts.

(Photo by Shubham Dhage on Unsplash)

Understanding container technology

by Joseph Anthony C. Hermocilla, Principal Consultant

Overview 

Using containers, specifically through Docker engine/runtime, has changed the way I work as a developer. It allowed me to develop and test apps with different configurations on a single host system with ease. In this post, I'll write a little about the facilities that can be used to implement containers in a Linux system. 

In operating systems, the process abstraction is an essential concept. A process is a 'program in execution'. I can argue that a container is just a 'fat' version of the process abstraction, it is a 'complete system in execution'. By 'complete system' I mean an encapsulation that has operating system components (bins/libs but no kernel), network configuration, root filesystem, support libraries, and applications. 

A container is self-contained and isolated from other containers in the same way a process is self-contained and isolated from other processes. A container is a group of processes rooted in a separate process tree and filesystem with certain security configuration and capabilities.

A modern Linux system or distribution has facilities that can be used to build container engine/runtime from scratch: namespaces, cgroups, chroot, and capabilities. 

namespaces

Namespaces have been traditionally used to allow similar names in a system as long as a name belongs to a different namespace. The Linux man page for namespaces states:

"A  namespace  wraps  a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.  Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes.  One use of namespaces is to implement containers."

cgroups

cgroups allow a collection of processes to be controlled in terms of the resources they use. The Linux man page for cgroups states:

"Control  groups,  usually referred to as cgroups, are a Linux kernel feature which allow processes to be organized into hierarchical groups whose usage of various types of resources can then be limited and monitored. The kernel's cgroup interface is provided through a pseudo-filesystem called cgroupfs.  Grouping is implemented in the core cgroup kernel code, while resource tracking and limits are implemented in a set  of  per-resource-type subsystems (memory, CPU, and so on)."

chroot

The Linux chroot program is used to run a process with a user-defined root directory which is separate from the host. It has been traditionally used to provide a 'jail' for servers exposed on the Internet to minimize security risks. The Linux man page for chroot states:

"run command or interactive shell with special root directory"

capabilities

Linux capabilities provide a more fine-grained control when checking permissions. The Linux man page for capabilities states:

"For  the  purpose  of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero).  Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's  credentials (usually: effective UID, effective GID, and supplementary group list). Starting  with  kernel  2.2,  Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled.  Capabilities are a per-thread attribute."

Combining the above Linux facilities enables the creation of a container runtime. Check out the references below for more detailed demonstrations of these facilities in the context of creating containers.

References

[1] https://ericchiang.github.io/post/containers-from-scratch/ 
[2] https://kevinboone.me/containerfromscratch.html
[3] https://www.nginx.com/blog/what-are-namespaces-cgroups-how-do-they-work/ 

Contact us if you want to know how you can use containers in your organization. We'd be glad to help.

(Photo by frank mckenna on Unsplash)

Why is my droplet consuming a lot of disk space?

by Joseph Anthony C. Hermocilla, Principal Consultant

I've been using Digital Ocean to provision web servers through Droplets. However, I noticed that a server's available disk space is reduced after some time. I found out that the culprit is Systemd's Journald service.

Having worked on Linux servers for a time, I know the most likely directory containing large files is /var. I started looking for large files there using the following command line:

$sudo du -h --max-depth=1 /var

The result is that /var/log is occupying GB of space! I rerun the command line:

$sudo du -h --max-depth=1 /var/log

This time, the largest folder is /var/log/journal. 

To reclaim the disk space occupied by the logs, I used the command line below:

$sudo journalctl --vacuum-size=50M

The above fix is only temporary. To make it permanent, I set the following parameter in /etc/systemd/journald.conf:

SystemMaxUse=50M

I then restarted the service:

$sudo systemctl restart systemd-journald

Hopefully, next time my web servers will not run out of disk space. 

Contact us if you want need help in setting up your Linux servers. We'd be glad to help.

(Image: Gabriel Heinzer on Unsplash)

Basic Cybersecurity Tips

by Joseph Anthony C. Hermocilla, Principal Consultant

Here are 13 basic cybersecurity tips that you can follow to protect yourself from being hacked or scammed:

1. Update your devices and apps regularly.
2. Maintain an inventory of your accounts. Use a password manager for this.
3. Check privacy and security settings of your accounts regularly.
4. Enable multi-factor authentication in your accounts. 
5. Don’t forget physical security. Don't leave your devices unattended and their screens unlocked.
6. Encrypt your data and communications. Use messaging apps that support end-to-end encryption.
7. Don’t trust all browser plugins/add-ons/apps. Clear your browsing history regularly. Use incognito/private mode.
8. Don’t use pirated software, key generators, or game cheats. Most of them contain malware.
9. Be careful when opening/sharing/forwarding sms, links, photos, videos, files.
10. Inform the community if your account or device was compromised/lost/stolen. Report to authorities.
11. Do not overshare on social media. Don't believe everything on social media.
12. Monitor device use of your children.
13. Make sure that a website or app is legitimate and encrypts data before you enter any PII or other sensitive information.

Contact us if you want to know more tips on how you can protect yourself or your organization from cybersecurity attacks and data breaches.

(Image: https://twitter.com/Xylit0l/status/1601614284274163712/photo/1)