How to use the UpCloud API to manage your UpCloud servers.
the
How to use the UpCloud API to manage your UpCloud servers
How to use the UpCloud API to manage your UpCloud servers.
Advertisement:
If you have not read my previous posts I have now moved my blog etc to the awesome UpCloud host. Sign up using this link to get $25 free credit.
I recently compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here).
Here is my blog post on moving from Vultr to UpCloud.
Spoiler: UpCloud performance is great.
I have never had an UpCloud page load take longer than 2 seconds since moving.
UpCloud API
UpCloud has an API that we can opt into to using where we can manage servers. Read the official UpCloud API documentation here.
The API allows you to control:
- Accounts
- Pricing
- Zones
- Timezones
- Plans
- Servers
- Storages
- IP-Addresses
- Firewall
- Tags
- etc
Create a sub-account to query the API
You should create a new user account (in the UpCloud dasbboard) just for API access. I created two accounts for use on my server and on my home laptop and my server (and set a limiting IP(s) that can access it).
Create a Sub Account for API Access
Login to your UpCloud account (create an account here and get $25 free credit),
- Click My Accounts,
- Click User Accounts,
- Click Change on your user and enable API connections.
- TIP: Set up an IP rule to limit access to your API for security (I set up a VPN to get a static IP on my dynamic IP Internet host at home)).
- Save the changes
TIP: Lock down the account to have the minimum permissions required.
e.g
- Disable access to the control panel (Untick).
- Allow API Connections (Tick) and specify an IP
- Disable access to billing contact (Untick).
- Disable access to billing section in the control panel (Untick).
- Disable allowing of emails to billing contact (Untick).
- Allow or Remove access to all server (or manually add access to desired servers)
- Allow or Remove access to modify storage (or manually allow or remove access to desired storage)
- etc
Save the account.
Now let’s make our first API call
I use OSX and I use the awesome Paw API testing tool from https://paw.cloud (This is not a plug, they are awesome). Postman is a popular API testing tool too. Any good programing language or CLI will allow you to send API requests.
First, let’s prepare the authorization string (this is a Base64 encoded combination of your username and password) read more here.
- Head over to https://www.base64encode.org/
- Click the Encode tab
- Add your “username:password” (without the quotes).
- Click Encode
A Base64 string will be outputted 🙂
e.g > eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk
fyi
You can encode also Encode and Decode Base64 from the Ubuntu Command line
Encode Base64 from the CLI Sample
1 2 | echo -n 'yourapiusername:yoursupersecurepassword' | base64 eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk |
Decode Base64 from the CLI Sample
1 2 | echo `echo eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk | base64 --decode` yourapiusername:yoursupersecurepassword |
Now we can add an “Authorization Basic” token to the API request in Paw.
A quick test of the UpCloud Prices API endpoint https://api.upcloud.com/1.2/price reveals the API is working.
I can now see a full breakdown of my service prices in JSON 🙂
Query My Account
OK, Let’s see how much credit I have left by querying the https://api.upcloud.com/1.2/account, I duplicated the item in Paw and changed the URL to https://api.upcloud.com/1.2/account but no data returned?
I had to enable “Access to Billing section in Control Panel” for the user before this data returned from the API (make sense).
> HTTP/1.1 200 OK
Query (GET)
1 2 3 4 | GET /1.2/account HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ******************************************* |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:23:32 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 91 Server: Apache { "account" : { "credits" : 2500.00, "username" : "yourapiusername" } } |
”2500.00″ = cents ($25)
Query All of Your Servers
Ok, Let’s get server information by querying https://api.upcloud.com/1.2/server
Query (GET)
1 2 3 4 | GET /1.2/server HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:32:22 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 1154 Server: Apache { "servers" : { "server" : [ { "core_number" : "1", "hostname" : "server1nameredacted.com", "license" : 0, "memory_amount" : "2048", "plan" : "1xCPU-2GB", "plan_ipv4_bytes" : "3472464313", "plan_ipv6_bytes" : "166293599", "state" : "started", "tags" : { "tag" : [ "tag1" ] }, "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" }, { "core_number" : "1", "hostname" : "server2nameredacted.com", "license" : 0, "memory_amount" : "1024", "plan" : "1xCPU-1GB", "plan_ipv4_bytes" : "198911", "plan_ipv6_bytes" : "19742", "state" : "started", "tags" : { "tag" : [ "tag2" ] }, "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } ] } } |
Query Server Information
I have redated the UUID’s for my servers but once you know them you can query them by hitting https://api.upcloud.com/1.2/server/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/server/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:45:14 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 1656 Server: Apache { "server" : { "boot_order" : "cdrom,disk", "core_number" : "1", "firewall" : "on", "host" : redacted, "hostname" : "server1nameredacted.com", "ip_addresses" : { "ip_address" : [ { "access" : "private", "address" : "##.#.#.###", "family" : "IPv4" }, { "access" : "public", "address" : "###.###.###.###", "family" : "IPv4", "part_of_plan" : "yes" }, { "access" : "public", "address" : "####:####:####:####:####:####:########", "family" : "IPv6" } ] }, "license" : 0, "memory_amount" : "2048", "nic_model" : "virtio", "plan" : "1xCPU-2GB", "plan_ipv4_bytes" : "3519033266", "plan_ipv6_bytes" : "168200052", "state" : "started", "storage_devices" : { "storage_device" : [ { "address" : "virtio:0", "boot_disk" : "0", "part_of_plan" : "yes", "storage" : "########-####-####-####-############", "storage_size" : 50, "storage_title" : "system", "type" : "disk" } ] }, "tags" : { "tag" : [ "fearby" ] }, "timezone" : "Australia/Sydney", "title" : "server1nameredacted.com", "uuid" : "########-####-####-####-############", "video_model" : "cirrus", "vnc" : "off", "vnc_password" : "#########################", "zone" : "us-chi1" } } |
The servers name, IPv4 and IPV6 network adapters are listed, CPU(s), Memory, Disk Sized and UUID’s are all visible 🙂
Surprisingly the VNC password is visible (enabling access to the root console).
TIP: Ensure your API account is safe and secure.
Query Storage Information
Now, Let’s query the storage with the GUID from above by querying https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/storage/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 04:53:36 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 559 Server: Apache { "storage" : { "access" : "private", "backup_rule" : {}, "backups" : { "backup" : [ "########-####-####-####-############" ] }, "license" : 0, "part_of_plan" : "yes", "servers" : { "server" : [ "########-####-####-####-############" ] }, "size" : 50, "state" : "online", "tier" : "maxiops", "title" : "system", "type" : "normal", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
I can see information about the storage’s assigned server and backups 🙂
Query Backup Information
Backup storage can be queried with the same storge API endpoint https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
1 2 3 4 | GET /1.2/storage/014fd483-ea90-4055-b445-bf2011951999 HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash############## |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | HTTP/1.1 200 OK Date: Sun, 17 Jun 2018 05:01:11 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 412 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-16T04:47:56Z", "license" : 0, "origin" : "########-####-####-####-############", "servers" : { "server" : [] }, "size" : 50, "state" : "online", "title" : "On-Demand Backup", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Rename Backup
One thing that I would like to be able to do is to rename on-demand backups in the UpCloud dashboard (this is not a feature yet) but I can rename manual backup’s in the API though 🙂
Boring “On-Demand Backup” label.
I tried sending JSON to https://api.upcloud.com/1.2/storage/########-####-####-####-############ to rename a backup but kept getting an error?
JSON
{
> “storage”: {
> “title”: “Latest manual backup , Working NGINX, PHP, MySQL w Tweaks”,
> “size”: “50”
> }
> }
Result
> “error_code” : “CONTENT_TYPE_INVALID”,
> “error_message” : “The Content-Type header has an invalid value.”
I googled and found an old manual for UpClouds API (official support here).
I added these missing content type headers (108 was the length in chars of the payload)
1 2 | > Content-Type: application/json; Charset=UTF-8' > Content-Length: 108 |
Still no go?
I think the content length value is wrong, more here.
I fixed it, it turned out I had a semicolon in the Content-Type value. The JSON RFC always assumes that Content-Type is UTF8 encoded (more here).
This Fails
1 | Content-Type: application/json; charset=utf-8 |
This Works
1 | Content-Type: application/json |
Now I can rename my Backup (storage). I manually calculated the length of the JSON payload and added a “Content-Length” header and value.
Query (PUT)
1 2 3 4 5 6 7 8 | PUT /1.2/storage/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Content-Type: application/json Content-Length: 113 Authorization: Basic ##############base64hash############## {"storage":{"size":"50","title":"Latest manual backup , Working NGINX, PHP, MySQL w Tweaks"}} |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | HTTP/1.1 202 ACCEPTED Date: Sun, 17 Jun 2018 05:47:02 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 453 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-16T04:47:56Z", "license" : 0, "origin" : "########-####-####-####-############", "servers" : { "server" : [] }, "size" : 50, "state" : "online", "title" : "Latest manual backup , Working NGINX, PHP, MySQL w Tweaks", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Success 🙂
Create a Backup
Backups can be performed with a “/backup” added to the end of the query string.
Query (POST)
1 2 3 4 5 6 7 8 9 10 11 12 | POST /1.2/storage/########-####-####-####-############/backup HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Content-Type: application/json Content-Length: 100 Authorization: Basic ##############base64hash############## { "storage": { "title": "Sunday 17th Latest backup , Working NGINX, PHP, MySQL w Tweaks" } } |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | HTTP/1.1 201 CREATED Date: Sun, 17 Jun 2018 06:17:35 GMT Content-Type: application/json; charset=UTF-8 Connection: close Content-Length: 487 Server: Apache { "storage" : { "access" : "private", "created" : "2018-06-17T06:17:35Z", "license" : 0, "origin" : "########-####-####-####-############", "progress" : "0", "servers" : { "server" : [] }, "size" : 50, "state" : "maintenance", "title" : "Sunday 17th Latest backup , Working NGINX, PHP, MySQL w Tweaks", "type" : "backup", "uuid" : "########-####-####-####-############", "zone" : "us-chi1" } } |
Success (UpCloud GUI)
Conclusion
UpCloud does have great API docs.
I can easily integrate this into bash scripts to manage my servers via API and a future Java app for managing servers.
Paw does give CURL output to allow me to copy working API’s for use in BASH 🙂
More to come
- BASH Script to Deploy and configure a server on UpCloud via Initalization scripts (or manual) (1 week)
- JAVA App to manage your server (3 months)
If you are signing up for UpCloud please consider using my referral code and get $25 credit for free.
Read my setup guide here.
https://www.upcloud.com/register/?promo=D84793
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
V1.1 updated typo
v1.0 Initial Post.
Deploying nodejs apps in the background and monitoring them with PM2 from keymetrics.io
This guide will help you install and setup the pm2 NodejJS process monitor PM2 from Keymetrics.io for free and manage your node apps performance and exceptions.
Advertisement:
What is PM2?
PM2 is a production process manager for Node.js applications with a built-in load balancer. It allows you to keep applications alive forever, to reload them without downtime and to facilitate common system admin tasks. This is the steps I used on Ubuntu 16.04. This is NOT a paid endorsement (just self-documenting).
Key Features of PM2
PM2 offers web-based monitoring dashboard, exception reporting, load balancer, CPU and memory monitoring, transaction tracer and much more for NodeJS apps.
What is PM2?
Official page: http://pm2.keymetrics.io/
More info https://www.npmjs.com/package/pm2
Install PM2
1 | npm install pm2 -g |
Install Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 | npm install pm2 -g /usr/bin/pm2 -> /usr/lib/node_modules/pm2/bin/pm2 /usr/bin/pm2-dev -> /usr/lib/node_modules/pm2/bin/pm2-dev /usr/bin/pm2-docker -> /usr/lib/node_modules/pm2/bin/pm2-docker /usr/bin/pm2-runtime -> /usr/lib/node_modules/pm2/bin/pm2-runtime /usr/lib └─┬ pm2@2.10.2 ├─┬ async@2.6.0 │ └── lodash@4.17.5 ├── blessed@0.1.81 ├─┬ chalk@1.1.3 │ ├── ansi-styles@2.2.1 │ ├── escape-string-regexp@1.0.5 │ ├─┬ has-ansi@2.0.0 │ │ └── ansi-regex@2.1.1 │ ├── strip-ansi@3.0.1 │ └── supports-color@2.0.0 ├─┬ chokidar@2.0.3 │ ├─┬ anymatch@2.0.0 │ │ └─┬ micromatch@3.1.10 │ │ ├── arr-diff@4.0.0 │ │ ├─┬ define-property@2.0.2 │ │ │ └─┬ is-descriptor@1.0.2 │ │ │ ├── is-accessor-descriptor@1.0.0 │ │ │ └── is-data-descriptor@1.0.0 │ │ ├─┬ extend-shallow@3.0.2 │ │ │ ├── assign-symbols@1.0.0 │ │ │ └─┬ is-extendable@1.0.1 │ │ │ └── is-plain-object@2.0.4 │ │ ├─┬ extglob@2.0.4 │ │ │ ├─┬ define-property@1.0.0 │ │ │ │ └─┬ is-descriptor@1.0.2 │ │ │ │ ├── is-accessor-descriptor@1.0.0 │ │ │ │ └── is-data-descriptor@1.0.0 │ │ │ ├─┬ expand-brackets@2.1.4 │ │ │ │ ├── debug@2.6.9 │ │ │ │ ├── define-property@0.2.5 │ │ │ │ ├── extend-shallow@2.0.1 │ │ │ │ └── posix-character-classes@0.1.1 │ │ │ └── extend-shallow@2.0.1 │ │ ├── fragment-cache@0.2.1 │ │ ├── kind-of@6.0.2 │ │ ├─┬ nanomatch@1.2.9 │ │ │ ├─┬ is-odd@2.0.0 │ │ │ │ └── is-number@4.0.0 │ │ │ └── is-windows@1.0.2 │ │ ├── object.pick@1.3.0 │ │ └── regex-not@1.0.2 │ ├── async-each@1.0.1 │ ├─┬ braces@2.3.2 │ │ ├── arr-flatten@1.1.0 │ │ ├── array-unique@0.3.2 │ │ ├─┬ extend-shallow@2.0.1 │ │ │ └── is-extendable@0.1.1 │ │ ├─┬ fill-range@4.0.0 │ │ │ ├── extend-shallow@2.0.1 │ │ │ ├─┬ is-number@3.0.0 │ │ │ │ └─┬ kind-of@3.2.2 │ │ │ │ └── is-buffer@1.1.6 │ │ │ ├── repeat-string@1.6.1 │ │ │ └── to-regex-range@2.1.1 │ │ ├── isobject@3.0.1 │ │ ├── repeat-element@1.1.2 │ │ ├─┬ snapdragon@0.8.2 │ │ │ ├─┬ base@0.11.2 │ │ │ │ ├─┬ cache-base@1.0.1 │ │ │ │ │ ├─┬ collection-visit@1.0.0 │ │ │ │ │ │ ├── map-visit@1.0.0 │ │ │ │ │ │ └── object-visit@1.0.1 │ │ │ │ │ ├── get-value@2.0.6 │ │ │ │ │ ├─┬ has-value@1.0.0 │ │ │ │ │ │ └─┬ has-values@1.0.0 │ │ │ │ │ │ └── kind-of@4.0.0 │ │ │ │ │ ├─┬ set-value@2.0.0 │ │ │ │ │ │ └── extend-shallow@2.0.1 │ │ │ │ │ ├─┬ to-object-path@0.3.0 │ │ │ │ │ │ └── kind-of@3.2.2 │ │ │ │ │ ├─┬ union-value@1.0.0 │ │ │ │ │ │ └─┬ set-value@0.4.3 │ │ │ │ │ │ └── extend-shallow@2.0.1 │ │ │ │ │ └─┬ unset-value@1.0.0 │ │ │ │ │ └─┬ has-value@0.3.1 │ │ │ │ │ ├── has-values@0.1.4 │ │ │ │ │ └── isobject@2.1.0 │ │ │ │ ├─┬ class-utils@0.3.6 │ │ │ │ │ ├── arr-union@3.1.0 │ │ │ │ │ ├── define-property@0.2.5 │ │ │ │ │ └─┬ static-extend@0.1.2 │ │ │ │ │ ├── define-property@0.2.5 │ │ │ │ │ └─┬ object-copy@0.1.0 │ │ │ │ │ ├── copy-descriptor@0.1.1 │ │ │ │ │ ├── define-property@0.2.5 │ │ │ │ │ └── kind-of@3.2.2 │ │ │ │ ├── component-emitter@1.2.1 │ │ │ │ ├─┬ define-property@1.0.0 │ │ │ │ │ └─┬ is-descriptor@1.0.2 │ │ │ │ │ ├── is-accessor-descriptor@1.0.0 │ │ │ │ │ └── is-data-descriptor@1.0.0 │ │ │ │ ├─┬ mixin-deep@1.3.1 │ │ │ │ │ ├── for-in@1.0.2 │ │ │ │ │ └── is-extendable@1.0.1 │ │ │ │ └── pascalcase@0.1.1 │ │ │ ├── debug@2.6.9 │ │ │ ├─┬ define-property@0.2.5 │ │ │ │ └─┬ is-descriptor@0.1.6 │ │ │ │ ├─┬ is-accessor-descriptor@0.1.6 │ │ │ │ │ └── kind-of@3.2.2 │ │ │ │ ├─┬ is-data-descriptor@0.1.4 │ │ │ │ │ └── kind-of@3.2.2 │ │ │ │ └── kind-of@5.1.0 │ │ │ ├── extend-shallow@2.0.1 │ │ │ ├── map-cache@0.2.2 │ │ │ ├── source-map@0.5.7 │ │ │ ├─┬ source-map-resolve@0.5.1 │ │ │ │ ├── atob@2.1.0 │ │ │ │ ├── decode-uri-component@0.2.0 │ │ │ │ ├── resolve-url@0.2.1 │ │ │ │ ├── source-map-url@0.4.0 │ │ │ │ └── urix@0.1.0 │ │ │ └── use@3.1.0 │ │ ├─┬ snapdragon-node@2.1.1 │ │ │ ├─┬ define-property@1.0.0 │ │ │ │ └─┬ is-descriptor@1.0.2 │ │ │ │ ├── is-accessor-descriptor@1.0.0 │ │ │ │ └── is-data-descriptor@1.0.0 │ │ │ └─┬ snapdragon-util@3.0.1 │ │ │ └── kind-of@3.2.2 │ │ ├── split-string@3.1.0 │ │ └─┬ to-regex@3.0.2 │ │ └─┬ safe-regex@1.1.0 │ │ └── ret@0.1.15 │ ├─┬ glob-parent@3.1.0 │ │ ├── is-glob@3.1.0 │ │ └── path-dirname@1.0.2 │ ├── inherits@2.0.3 │ ├─┬ is-binary-path@1.0.1 │ │ └── binary-extensions@1.11.0 │ ├─┬ is-glob@4.0.0 │ │ └── is-extglob@2.1.1 │ ├─┬ normalize-path@2.1.1 │ │ └── remove-trailing-separator@1.1.0 │ ├── path-is-absolute@1.0.1 │ ├─┬ readdirp@2.1.0 │ │ ├── graceful-fs@4.1.11 │ │ ├─┬ minimatch@3.0.4 │ │ │ └─┬ brace-expansion@1.1.11 │ │ │ ├── balanced-match@1.0.0 │ │ │ └── concat-map@0.0.1 │ │ ├─┬ readable-stream@2.3.6 │ │ │ ├── core-util-is@1.0.2 │ │ │ ├── isarray@1.0.0 │ │ │ ├── process-nextick-args@2.0.0 │ │ │ ├── safe-buffer@5.1.1 │ │ │ ├── string_decoder@1.1.1 │ │ │ └── util-deprecate@1.0.2 │ │ └── set-immediate-shim@1.0.1 │ └── upath@1.0.4 ├── cli-table-redemption@1.0.1 ├── commander@2.13.0 ├─┬ cron@1.3.0 │ └── moment-timezone@0.5.14 ├─┬ debug@3.1.0 │ └── ms@2.0.0 ├── eventemitter2@1.0.5 ├── fclone@1.0.11 ├── gkt@1.0.0 ├─┬ mkdirp@0.5.1 │ └── minimist@0.0.8 ├── moment@2.22.0 ├─┬ needle@2.2.0 │ ├── debug@2.6.9 │ ├─┬ iconv-lite@0.4.21 │ │ └── safer-buffer@2.1.2 │ └── sax@1.2.4 ├─┬ nssocket@0.6.0 │ ├── eventemitter2@0.4.14 │ └── lazy@1.0.11 ├── pidusage@1.2.0 ├─┬ pm2-axon@3.1.0 │ ├── amp@0.3.1 │ ├── amp-message@0.1.2 │ └── escape-regexp@0.0.1 ├── pm2-axon-rpc@0.5.0 ├─┬ pm2-deploy@0.3.9 │ ├── async@1.5.2 │ └── tv4@1.3.0 ├─┬ pm2-multimeter@0.1.2 │ └── charm@0.1.2 ├─┬ pmx@1.6.4 │ ├── deep-metrics@0.0.1 │ ├── json-stringify-safe@5.0.1 │ └─┬ vxx@1.2.2 │ ├─┬ continuation-local-storage@3.2.1 │ │ ├── async-listener@0.6.9 │ │ └── emitter-listener@1.1.1 │ ├── debug@2.6.9 │ ├── extend@3.0.1 │ ├── is@3.2.1 │ ├── lodash.findindex@4.6.0 │ ├── lodash.isequal@4.5.0 │ ├── lodash.merge@4.6.1 │ ├── methods@1.1.2 │ ├── shimmer@1.2.0 │ └── uuid@3.2.1 ├─┬ promptly@2.2.0 │ └─┬ read@1.0.7 │ └── mute-stream@0.0.7 ├── semver@5.5.0 ├─┬ shelljs@0.7.8 │ ├─┬ glob@7.1.2 │ │ ├── fs.realpath@1.0.0 │ │ ├─┬ inflight@1.0.6 │ │ │ └── wrappy@1.0.2 │ │ └── once@1.4.0 │ ├── interpret@1.1.0 │ └─┬ rechoir@0.6.2 │ └─┬ resolve@1.7.0 │ └── path-parse@1.0.5 ├─┬ source-map-support@0.5.4 │ └── source-map@0.6.1 ├── sprintf-js@1.1.1 ├── v8-compile-cache@1.1.2 ├─┬ vizion@0.2.13 │ └── async@1.5.2 └─┬ yamljs@0.3.0 └─┬ argparse@1.0.10 └── sprintf-js@1.0.3 |
PM2 Pricing
PM2 appears to be for high-end apps but I am only using the free version or PM2 (thanks KeyMetrics)
Create a bucket for your node app
Login to keymetrics.io,
Click Generate New Bucket
Give the bucket a name etc.
You can now link your bucket with your local pm2 installation (keep the keys private (this one no longer exists))
Linking your local pm2 installation with your keymetrics bucket
1 2 3 | pm2 link l3brztzboz25him i6kofelsyfo7xrd [KM] Connecting [Monitoring Enabled] Dashboard access: https://app.keymetrics.io/#/r/i6kofelsyfo7xrd |
To add an existing node app to PM2 type the following.
1 2 | cd /your-node-application-path/ pm2 start yourapp.js -i 0 --name "myappname" |
You can view node apps that pm2 is managing by typing
1 | pm2 status |
I had a two CPU VM and I found that the app I added was added to each of the two CPU (I only needed one) so I needed to delete the second app on my second core
1 | pm2 delete 1 |
Restart the API
1 | pm2 restart myappname |
You can add a single node apps one 1, 3 or max available CPU’s
1 2 3 4 5 6 7 8 | # Start the maximum processes depending on available CPUs pm2 start app.js -i 0 # Start the maximum processes -1 depending on available CPUs pm2 start app.js -i -1 # Start 3 processes pm2 start app.js -i 3 |
Again, to add an existing node app to PM2 type the following.
1 2 | cd /your-node-application-path/ pm2 start yourapp.js -i 0 --name "myappname" |
Now you can view node app data online. If you don’t have a node app ready you can use the test app.
You can monitor your node app locally too from the CLI.
You can also view a demo bucket at keymetrix.io
PM2’s one age documentation can be found here.
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.0 Initial post
Using Cloudflare DNS servers to speed up the internet and add privacy on OSX
Below is how I setup my OSX to use Cloudflare’s new DNS servers to speed up internet browsing and add privacy on OSX
Advertisement:
Cloudflare has launched a DNS service: https://blog.cloudflare.com/announcing-1111/
DNS Performance
You can view worldwide DNS performance by viewing https://www.dnsperf.com/#!dns-providers
I check the DNS at my router, I am using ISP provided DNS servers.
Cloudflare DNS
On April Fools 2018 Cloudflare Released a DNS server service.
Snip from here: “DNS: Internet’s Directory Nearly everything on the Internet starts with a DNS request. DNS is the Internet’s directory. Click on a link, open an app, send an email and the first thing your device does is ask the directory: Where can I find this? Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads.”
Set Cloudflare Nameservers using OSX
Open the Apple System Preferences, click Network, click on your Network (Wifi or ethernet), Click Advanced then DNS and add 1.1.1.1 and 1.0.0.1
Alternatively, you can manually set your DNS servers in OSX by editing the /etc/resolv.conf, by default SX will inherit DNS settings from our router.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | cat /etc/resolv.conf # # macOS Notice # # This file is not consulted for DNS hostname resolution, address # resolution, or the DNS query routing mechanism used by most # processes on this system. # # To view the DNS configuration used by this system, use: # scutil --dns # # SEE ALSO # dns-sd(1), scutil(8) # # This file is automatically generated. # domain home nameserver 1.1.1.1 nameserver 1.0.0.1 |
Troubleshooting: Clear DNS Cache
1 | sudo killall -HUP mDNSResponder |
Debug DNS Data
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | scutil --dns DNS configuration resolver #1 search domain[0] : home nameserver[0] : 1.1.1.1 nameserver[1] : 1.0.0.1 flags : Request A records reach : 0x00000002 (Reachable) resolver #2 domain : local options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300000 resolver #3 domain : 254.169.in-addr.arpa options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300200 resolver #4 domain : 8.e.f.ip6.arpa options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300400 resolver #5 domain : 9.e.f.ip6.arpa options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300600 resolver #6 domain : a.e.f.ip6.arpa options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 300800 resolver #7 domain : b.e.f.ip6.arpa options : mdns timeout : 5 flags : Request A records reach : 0x00000000 (Not Reachable) order : 301000 DNS configuration (for scoped queries) resolver #1 search domain[0] : home nameserver[0] : 1.1.1.1 nameserver[1] : 1.0.0.1 if_index : 7 (en0) flags : Scoped, Request A records reach : 0x00000002 (Reachable) |
Confirm Cloudflare DNS from the OSX Comand line
1 2 3 4 5 6 7 8 9 | nslookup www.fearby.com Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: Name: www.fearby.com Address: 104.27.154.69 Name: www.fearby.com Address: 104.27.155.69 |
Privacy
I am not sure if Cloudflare is any more private than using ISP DNS but I’ll happily use it.
Several people have asked me about Cloudflare’s new 1.1.1.1 privacy DNS service. To be clear: it DOES NOT stop your ISPs from collecting your browsing history. ISPs can still see the sites you’re connecting to — even if the site is over HTTPS. You will still send a hostname.
— Zack Whittaker (@zackwhittaker) April 2, 2018
Speed
I can’t tell if DNS is faster, I did ping my ISP DNS before switching and it was about the same (sub 25ms), time will tell.
Conclusion
I have used https://www.opendns.com/ before and loved the dashboards, I hope Cloudflare add dashboard options too.
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.0 Initial post
Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
It is possible to deploy a server in minutes to hours but it can take days to secure. What tools can you use to help identify what to secure on your website?
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line, installing a Free SSL certificate and setting up SSL security.
Security Tools
- https://asafaweb.com/ is a good tool for quick scanning
- Kali Linux has a number of security tools you can use.
- You can run a system audit Lynis Audit.
- Checking your site for vulnerabilities with Zap.
- Run a Gravity Scan malware and supply chain scan
- Use Qualys SSL scan to test your SSL certificate: https://www.ssllabs.com/ssltest/
Qualys SSL Labs SSL Tester is the best tool for checking an SSL certificate strength
Most people don’t know Qualys also has another free (limited to 10 scans) vulnerability scanner for websites.
Goto https://freescan.qualys.com/ and click Start your free account.
Complete the signup form
Now check your email to login and confirm your email account
Login now from the email.
Create a password (why the 25 char max Qualys?)
Enter your website URL and click Scan
The scan can take hours
While the scan was being performed I noticed that Qualys offers alerts (I’ll check this out later): https://www.qualys.com/research/security-alerts/
Yes, the scan can take hours, take a walk or read other posts here.
The scan is almost complete
Yay, my latest scan revealed 0 High, 0 Medium and 0 Low-risk vulnerabilities.
It did report 23 informational alerts like “Firewall Detected“.
Threat Report Results
Patch Report Results
This report was empty (probably because I don’t run Windows)
Threat Report Results
The OWASP report contained partial scan results (maybe the full report is available to pro users)
Previous Scan Results
The Qualys dashboard will show all past scans.
My first scan showed a Low priority issue with the /wp-login.php page as the input fields did not have “autocomplete=”off””, I fixed this by adding “autocomplete=”off”” the removing the page (safer).
The second scan found two issues with cookies (possibly ad banner cookies) and 2 subfolders that I created in past development exercises. I deleted the two sub-folders that were not needed.
The third scan was clean.
Here is a scan of a static website of a friends server (static can be less secure if the server underneath is old or unpatched).
Happy scanning. I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.1 Static Web Server Scan
v1.0 Initial post
Backing up OSX or an Ubuntu server with Backblaze B2 Cloud Storage from the Command Line
This computer will show you can back up computer or server with Backblaze B2 Cloud Storage from the Command Line n OSX and Ubuntu.
Advertisement:
This post is still being written. I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Also, I have blogged about how you can add block storage to a Vultr server, backup and restore snapshots , syncing files with rsync along with using GitHub and Bitbucket but what do you do if you need to backup large amounts of data?
Backblaze has a Cloud storage solution that costs as low as $0.005c a GB (a month), The first 10G is free. Backblaze say “From bytes to petabytes Backblaze B2 is the lowest cost high-performance cloud storage in the world. ”
Back Blaze have open sourced internal drive enclosure designs and drive failure stats and it’s time I gave them a try.
Goto https://www.backblaze.com
Create or sign in.
After you login got the dashboard.
Click Backblaze B2 Cloud Storage
Create a Bucket
Name the bucket (long names with a GUID are good).
You can rename the bucket here and change public/private and or upload/download files manually.
The first thing I did was limit the versions of files under the lifecycle settings for the bucket.
Now I created a series of subfolders to store files from different servers (I could have used many buckets but one bucket will do).
I can upload files via the Backblaze bucket GUI if I needed to.
Back Blaze has a command line tool for uploading: https://www.backblaze.com/b2/docs/quick_command_line.html
Install Steps
Backblaze state “The B2 command-line tool is available from the Python Package Index (PyPI) using the standard pip installation tool. Your first step is to make sure that you have either Python 2 (2.6 or later) or Python 3 (3.2 or later) installed.”
I have Python 2.7 installed
1 2 | python --version Python 2.7.10 |
Install PIP
1 2 3 4 5 6 7 8 9 10 11 12 13 | sudo easy_install pip Password: Searching for pip Best match: pip 1.5.6 Processing pip-1.5.6-py2.7.egg pip 1.5.6 is already the active version in easy-install.pth Installing pip script to /usr/local/bin Installing pip2.7 script to /usr/local/bin Installing pip2 script to /usr/local/bin Using /Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg Processing dependencies for pip Finished processing dependencies for pip |
I ran into issues updating b2 CLI
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | sudo pip install --upgrade b2 Requirement already up-to-date: b2 in /Library/Python/2.7/site-packages Requirement already up-to-date: arrow>=0.8.0 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: logfury>=0.1.2 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: requests>=2.9.1 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: six>=1.10 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: tqdm>=4.5.0 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: futures>=3.0.5 in /Library/Python/2.7/site-packages (from b2) Downloading/unpacking python-dateutil from https://pypi.python.org/packages/bc/c5/3449988d33baca4e9619f49a14e28026399b0a8c32817e28b503923a04ab/python_dateutil-2.7.0-py2.py3-none-any.whl#md5=5a86a548fe776cc079bf4a835473e3f8 (from arrow>=0.8.0->b2) Downloading python_dateutil-2.7.0-py2.py3-none-any.whl (207kB): 207kB downloaded Installing collected packages: python-dateutil Found existing installation: python-dateutil 1.5 Uninstalling python-dateutil: Cleaning up... Exception: Traceback (most recent call last): File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main status = self.run(options, args) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run requirement_set.install(install_options, global_options, root=options.root_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install requirement.uninstall(auto_confirm=True) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall paths_to_remove.remove(auto_confirm) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove renames(path, new_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames shutil.move(old, new) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move copytree(src, real_dst, symlinks=True) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree raise Error, errors Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil'")] Storing debug log for failure in /Users/simon/Library/Logs/pip.log |
I tried installing via the alternative method (with no luck)
1 2 3 4 5 6 7 | git clone https://github.com/Backblaze/B2_Command_Line_Tool.git Cloning into 'B2_Command_Line_Tool'... remote: Counting objects: 5084, done. remote: Compressing objects: 100% (8/8), done. remote: Total 5084 (delta 1), reused 1 (delta 0), pack-reused 5076 Receiving objects: 100% (5084/5084), 1.25 MiB | 689.00 KiB/s, done. Resolving deltas: 100% (3622/3622), done. |
1 | cd B2_Command_Line_Tool/ |
I tried running the setup script (with no luck)
1 2 | sudo python setup.py install setuptools 20.2 or later is required. To fix, try running: pip install "setuptools>=20.2" |
Upgrading setup tools also failed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | sudo pip install "setuptools>=20.2" Downloading/unpacking setuptools>=20.2 Downloading setuptools-38.5.2-py2.py3-none-any.whl (490kB): 490kB downloaded Installing collected packages: setuptools Found existing installation: setuptools 18.5 Uninstalling setuptools: Cleaning up... Exception: Traceback (most recent call last): File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main status = self.run(options, args) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run requirement_set.install(install_options, global_options, root=options.root_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install requirement.uninstall(auto_confirm=True) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall paths_to_remove.remove(auto_confirm) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove renames(path, new_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames shutil.move(old, new) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move copytree(src, real_dst, symlinks=True) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree raise Error, errors Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib'")] Storing debug log for failure in /Users/simon/Library/Logs/pip.log |
Backing up a Mac via command line with B2
More to come when I can get B2 CLI Installed.
Backing up a an Ubuntu machine via command line with B2
More to come when I can get B2 CLI Installed.
Update
My ticket with Backblaze was automatically closed with this note “If the issue is persisting, it may be easiest to map the installation to the user folder, rather than the system level.”
No ideas how but something to research.
Ask a question or the recommend an article
Revision History
V1.1 ticket closed
v1.0 Initial post
Setting up the Debian Kali Linux distro to perform penetration testing of your systems
This post will show you how to setup the Kali Linux distro to perform penetration testing of your systems
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Securing your systems is very important (don’t stop) and keep learning (securing ubuntu in the cloud, securing checklist, run a Lynis system audit etc)
snip from: https://www.kali.org/about-us/
“Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.”
Download Kali
I downloaded the torrent version (as the HTTP version kept stopping (even on 50/20 NBN).
After the download finished I checked the SHA sum to verify it’a integrity
1 2 3 | cd /Users/username/Downloads/kali-linux-2018.1-amd64 shasum -a 256 ./kali-linux-2018.1-amd64.iso ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317 ./kali-linux-2018.1-amd64.iso |
A least it matched the known (or hacked) hash here.
Installing Parallels in a VM on OSX
I use Parallels 11 on OSX to set up a VM os Demina Kali, you can use VirtualBox, VMWare etc.
Hardware: 2x CPU, 2048MB Ram, 32MB Graphics, 64GB Disk.
I selected Graphical Install (English, Australia, American English, host: kali, network: hyrule, New South Wales, Partition: Guided – entire disk, Default, Default, Default, Continue, Yes, Network Mirror: Yes, No Proxy, Installed GRUB bootloader on VM HD.
Post Install
Install Parallel Tools
Official Guide: https://kb.parallels.com/en/123968
I opened the VM then selected the Actions then Install Parallels Tools, this mounted /media/cdrom/, I copied all contents to /temp/
As recommended by the Parallels instal bash script I updated headers.
1 | apt install linux-headers-4.14.0-kali1-amd64 |
Then the following from https://kb.parallels.com/en/123968
1 2 3 4 5 | apt-get clean apt-get update apt-get upgrade -y apt-get dist-upgrade -y apt-get install dkms kpartx printer-driver-postscript-hp |
Parallels will not install, I think I need to upgrade to parallel 12 or 12 as the printer driver detection is not detecting (even though it is installed).
Installing Google Chrome
I used the video below
I have to run chrome with
1 | /usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir & |
It works.
Running your first remote vulnerability scan in Kali
I found this video useful in helping me scan and check my systems for exploits
Simple exploit search in Armitage (metasploit)
A quick scan of my server revealed three ports open and (22, 80 and 443). Port 80 redirects to 443 and port 22 is firewalled. I have WordPress and exploits I rued failed to work thanks to patching (always stay ahead of patching and updating of software and the OS.
Without knowing what I was doing I was able to check my WordPress against known exploits. 
If you open the Check Exploits menu at the end of the Attacks menu you can do a bulk exploit check.
WP Scan
Kali also comes with a WordPress scanner
1 | wpscan --url https://fearby.com |
This will try and output everything from your web server and WordPress plugins.
/xmlrpc.php was found and I was advised to deny access to that file in NGINX. xmlrpc.php is ok but can be used in denial of service attacks.
1 2 3 4 5 | location = /xmlrpc.php { deny all; access_log off; log_not_found off; } |
I had a hit for a vulnerability in a Youtube Embed plugin but I had a patched version.
TIP: Check your WordPress often.
More to come (Draft Post).
- OWASP scanner
- WPSCAN
- Ethical Hacker modules
- Cybrary training
- Sent tips to @FearbySoftware
Tips
Don’t have unwanted ports open, securely installed software, Use unattended security updates in Ubuntu, update WordPress frequently and limit plugins and also consider running more verbose audit tools like Lynis.
More Reading
Read my OWASP Zap guide on application testing and Cloudflare guide.
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.2 added More Reading links.
v1.1 Added bulk exploit check.
v1.0 Initial post
Upgrading the RAM, CPU and Memory on a Vultr Ubuntu VM in the cloud
Upgrading the RAM, CPU and Memory on a Vultr Ubuntu VM in the cloud is quite simple.
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. I prefer Vultr as they are located in the country (Australia) and are easy to use.
First, you need to shut down the server from within the VM (SSH), I used the command.
1 | sudo shutdown now |
Once the VM is shut down (wait a few minutes) you can turn off the VM in the Vultr GUI.
You can then go to Settings, Change Plan and review upgrade options.
Snapshot
Don’t forget to take a final snapshot.
Goto the Snapshots page (read this guide to restore a snapshot) and click Take Snapshot.
You can see snapshot progress on the main screen.
It may take a while for your snapshot to change from Pending to Processing.
Upgrade
When the snapshot is done it will auto boot and allow you to upgrade.
Choose the Upgrade specifications (Settings, Change Plan)
Click Upgrade
Confirm
The upgrade process will take a few minutes (I could see the CU and Ram was updated but the Storage was pending)
Testing
After the upgrade happened the VM will autoboot, login and check tour specifications (Useful Linux Commands).
I use the htop command to view specification information.
I did a quick benchmark pre-optimizing and I can see a speed bump of 0.2s. Time to optimize.
I threw 50 concurrent clients at my website (with loader.io) and the server handled it fine with no increase above memory capacity like before.
Optimize
Now I need to Optimize. Truth be told I did optimize and harden PHP and crashed PHP-FPM so I had o restore a VM snapshot.
Troubleshooting
If all else fails (post-upgrade configuration) you can restore the Vultr VM from a snapshot.
I hope this guide helps someone.
P.S If you don’t have a VM on Vultr click this link to set one up in minutes (setup guide here).
Ask a question or recommend an article
Revision History
v1.0 Initial post
Using the free Adminer GUI for MySQL on your website
Adminer is a free GUI tool that can you can easily install on a PHP web server. Adminer allows you to easily connect to your MySQL instance, create databases/tables/indexes/rows and backup/import databases and much more.
Advertisement:
You can read my other posts on Useful Linux Terminal Commands and Useful OSX Terminal Commands.
I used to use phpMyAdmin to manage MySQL databases on AWS, Digital Ocean and Vultr but switched to Adminer due to forgotten issues. You can always manage MySQL via command line but that is quite boring.
The below screenshots were taken on my local Development Mac Laptop (with optional OSX Apache SSL Setup (that reports “Not Secure” (but it is good enough to use locally)). I prefer to code in SSL and warn when SSL is not detected.
Downloading and Installing Adminer
Navigate to https://www.adminer.org/ and click Download.
Click English only (.php file)
Save the Adminder for MySQL (.php) file to your web server and give it a random name and put in a folder also with a random name (I use https://www.grc.com/passwords.htm to generate strong password).
Tip: Uploading this file to a live serve offers hackers and unauthorized people potential access to your MySQL server. I would remove this file from live serves when you are not using it not to be sure.
Tip: Read my guide here on setting up NGINX, MySQL and PHP here. Basically I did this to setup MySQL on Ubuntu 16.04.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | sudo apt-get install mysql-common sudo apt-get install mysql-server mysql --version >mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper sudo mysql_secure_installation >Y (Valitate plugin) >2 (Strong passwords) >N (Don't chnage root password) >Y (Remove anon accounts) >Y (No remote root login) >Y (Remove test DB) >Y (Reload) service mysql status > mysql.service - MySQL Community Server |
TIP: Ensure MySQL is secure and has a good root password, also consider setting up Ubuntu Firewalls and Securing Ubuntu. Also ensure the Server is patched and does not have exploits like Spectre and meltdown.
Now you can access your Admirer php file on your Web Server (hopefully with an obfiscated name).
Login to Adminer with your MySQL root password.
Click Create databaase
Give the database a name and choose the character coding standard (e.g UTF8 ceneral ci). Different standards have different performance impacts too.
Now that you have a database you can create a table.
Consider adding an auto-incrementing ID and say a Key and Value varchar column.
When the table is created you can add a row to the table.
I created one with a “TestKey” and “TestValue” row.
The row was inserted.
The final thing to do is add a database user that code can connect to the database with. Click Privileges.
Click Create user
Tick All privileges and click Save
Now the user is added to the database
Let’s create a PHP file and talk to the database. Let’s use parameterized queries
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | <?php date_default_timezone_set('Australia/Sydney'); echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . "<br /><br />"; // Turn on if you need to see errors // error_reporting(E_ALL); // ini_set('display_errors', 0); $dbhost = '127.0.0.1'; $dbname = 'dbtest'; $dbusername = 'dbtestuser'; $dbpassword = '*****************************************''; $con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname); // Turn on debug stuff if you need it // echo var_dump($con); // printf(" - Error: %s.n", $stmt->error); if($con->connect_errno > 0){ printf(" - Error: %s.n", $stmt->error); die("Error: Unable to connect to MySQL"); } else { echo "Charset set to utf8<br />"; mysqli_set_charset($con,"utf8"); } if (!$con) { echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL; echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL; echo "Debugging error: " . mysqli_connect_error() . PHP_EOL; exit; } else { echo "Database Connection OK<br />"; echo " Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . "<br />"; echo " - Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />"; echo " - Server Info: '" . mysqli_get_server_info($con) . "'<br />"; echo " - Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />"; echo " - Server Version: " . mysqli_get_server_version($con) . "<br />"; //echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . "<br />"; echo " - Client Version: " . mysqli_get_client_version($con) . "<br />"; echo " - Client Info: '" . mysqli_get_client_info() . "'<br />"; echo "Ready to Query the database '$dbname'.<br />"; // Input Var's that are parameterized/bound into the query statement $in_key = mysqli_real_escape_string($con, 'TestKey'); // Output Var's that the query fills after querying the database // These variables will be filled with data from the current returned row $out_id = ""; $out_key = ""; $out_value = ""; echo "1. About to query the database: '$dbname'<br />"; $stmt = mysqli_stmt_init($con); $sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?"; echo "SQL: $sql (In = $in_key)<br /"; if (mysqli_stmt_prepare($stmt, $sql)) { echo "2. Query Returned<br />"; /* Type specification chars Character Description i corresponding variable has type integer d corresponding variable has type double s corresponding variable has type string b corresponding variable is a blob and will be sent in packets */ mysqli_stmt_bind_param($stmt, 's', $in_key); mysqli_stmt_execute($stmt); mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value); mysqli_stmt_fetch($stmt); // Do something with the 1st returned row echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";// // Do we have more rows to process while($stmt->fetch()) { // Output returned values echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";// } mysqli_stmt_close($stmt); echo "Done<br />"; } else { echo "3. Error Querying<br/>"; printf(" - Error: %s.n", $stmt->error); } } ?> |
Result
If you don’t have a server check out my guides on AWS, Digital Ocean and Vultr.
Happy coding and I hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v1.0 Initial Version
The case of the overheating Mac Book Pro and Occam’s Razor
Thank You William of Ockham (1287 – 1347) who coined the term “Ockham Razor” (“among competing hypotheses, the one with the fewest assumptions should be selected“) has helped my overheating Late 2012 Mac Book Pro and solve heat problems by removing dust, installing fan control software and re applying thermal paste.
Advertisement:
I knew summer was coming (Thanks to Troy Hunt), I was already accepting high temperatures on my Development laptop.
My Mac Book Pro was reaching 95~104c right after bootup and stayed there. The Intel processor (2.6Ghz i7) was doing a fantastic job at throttling the core down to protect the processor. At this point, I thought my laptop was powered by a Fitbit processor (everything was super slow).
I was using the TunaBelly temperature monitor software to see temps.
I checked the Tunabelly Software website and found I was running an older version of the software (App Store version). I can now download a new version (direct from the author called TG Pro) and upgrade to a TB Pro ( see here ).
Old version (left screenshot below) and the new version (right screenshot below).
The new version has a nice drop down menu (with stats).
TG Pro even has notifications when temps get too high 🙂
Why the High Temps
I had assumed that this heat was caused by extra CPU activity in the recent Apple High Sierra update (or Summer). I had noticed OSX locking up after I installed High Sierra. I had assumed that OSX 10.3 (High Sierra) was now pushing the CPU harder like Metal was pushing Apple GPU’s harder.
This morning the higher fan speed did not seem to help so I sat my Mac under a split system air conditioner (with no luck).
Even with the split system air conditioner running (and pointing at the Mac), the Mac was still overheating.
I was a boiling frog in my own pot of assumptions. This bad assumption sent me down the wrong (potentially expensive path (new machine)).
My brain dived into solutions mode and concocted that High Sierra was crap and I needed a new iMac Pro with advanced cooling (the problem is Apple have not released them yet). The image of the new Apple iMac Pro (below) is really here just so I can drool at the new iMac Pro insides: https://www.apple.com/au/imac-pro/
Simulated cooling in the new iMac Pro. **Mmmm Reality distortion field.**
After realising the high fan speeds and the air conditioner was no longer working I decided to open the laptop and check for dust. I had always assumed that because I don’t smoke, don’t let cats near the laptop and have a clean laptop area that dust was not the issue (hint: I was wrong).
Warning: Opening your laptop will void the warranty and you will probably kill it. You will need special screwdrivers, you will need to carefully follow anti-static procedures etc. I take no responsibility for your actions opening your devices.
P.S Watch Louis Rossman from https://www.rossmanngroup.com/ if you want to learn how to do things the right way. Here is a sample Louis Rossmann video (possibly NSFW) where he fixed a board (debugging).
Experience
I have pulled apart and modified heaps of PC’s before so I am comfortable opening up electronics and computers.
I have cut PCI-E 16x circuits down to PC’IE-8x to make them fit a server mainboard. Do not play with the insides of computers or electricity unless you know what you are doing period.
I have setup watercooled PC’s and dealt with water leakages in the search for silence.
Ok enough warnings.
Is Dust an Issue?
It seems I have ignored Ockham Razor (“among competing hypotheses, the one with the fewest assumptions should be selected”). Time to crack my laptop open and clean away any dust, Although I don’t have before photos of the dust (it was rather hidden near the exit port), dust was clearly the cause of the high temps.
It is not as if I am editing 4K videos here.
Troubleshooting: Start with the basics.
- I should have considered dust inside the laptop,
- I should have considered the old thermal paste needed replacing.
After Cleaning
After a quick clean with the kids paint brushes, tweezers, pin, the wife’s makeup brush and little rocket camera cleaning thingy I think I am finished.
After Cleaning Photos (Click for higher resolution)
fyi: These photos are just to show off my Late 2012 Mac Book Pro insides after cleaning.
fyi: SSD on the bottom left, memory in the middle and the heat pipe at the top of the photo.
fyi: SSD at the bottom, Fan and Heatsink near the top. The CPU fan was mostly clear and not an obvious overheating issue.
Most of the dust was on the heatsink at the end of the heat pipe (at the top of this photo, about 1/3 was blocked). The CPU fans had a slight coating of fine dust that I removed.
fyi: The heatsink below on the heat pipe was overheating due to 1/3 of the output duct being blocked.
fyi: This area (above) was rather dusty and possibly overheating.
Memory to CPU interconnect area (now clean).
fyi: Battery connector, battery power converter and fan.
Each primary air intake duct is now clean and free.
Removed Dust (and tools)
I removed this much dust from each of the fan’s outputs. The dust was mostly around the heat pipe area. The dust appears to be the same fibre as the protective case (Green Smart Neogreene case, that I slid the laptop into to protect it). This was not a lot of dust but was enough to block airflow, I will now clean my Mac Book every spring.
When I started up the laptop with the base on temps where better.
Conclusion
CPU Temperatures are about 40c cooler, GPU is about 35c cooler and CPU area is about 15c cooler. My Mac Book is no longer overheating and handles high CPU demands again without thermal throttling
Here are idle and load temps with the older Tuna Belly Temperature Monitor (fyi: I now use the newer TunaBelly Software TG Pro temperature Software) and output from the Intel Power Gadget Utility.
As a precaution I have I configured TG Pro to Auto Boost fan speeds. This has helped keep the high temperatures under control (when they go above 80c).
fyi: TG Pro also allows to to set your own ramps in fan speeds, email alerts, sounds etc (review coming soon).
Summary
In future, I will ask myself what the simplest possible problem is (Occam’s Razor or use Rubber Duck Debugging) instead of dreaming up problems/solutions and yes Apple computers need maintenance too.
Hope this helps someone.
UPDATE After 1 week
Temperatures have crept back up with the heatwave in Australia. The CPU is now in the high 90’s again. I am now solely using the TG Pro software to mange fan speeds until the new machine. Sadly Apple deliver quiet computers over cool ones so I’ll install TG Pro on all future machines.
Another Thought
Should the thermal paste be replaced? If this was a PC I would have done this already.
I have ordered some thermal paste and will apply that to the GPU and CPU soon and update this post.
https://www.pccasegear.com/products/33322/thermal-grizzly-kryonaut-thermal-grease-1g/
I will try this when it arrives.
I could not wait and I did remove the stock thermal paste and applied some old (10-year-old) Vantec paste I had that was still good. I did have some Arctic Silver 5 (5x tubes) but it was 10 years old and gummy. The best paste I had was 1 tube of white silicone Vantec paste I had that came with a past PC heatsink. It was still the right consistency, not separated and spreadable.
Always test thermal paste and write the purchase date on the paste when your order i (it does go bad).
Removing my heatsink was easy (with the right screwdrivers) on my Mid 2012 MPB 15″ Retina. Consult ifixit.com or online guide to open your mac.
I removed these screws.
I removed the stock Mac Book heat spreader to reveal a terrible application of Apple stock thermal paste. The paste was very dry and the CPU die was not fully covered anymore.
This was the paste under the heat sink. Dry and flakey.
This is the thickness of the MBP heatsink.
I cleaned the old paste off the Geforce 650M GPU die.
I cleaned the Core i7 2.6Ghz CPU die too.
This is the size of the MBP heatsink.
The Heatsink is not very thick.
This was the cooler on the last Windows PC I built.
I cleaned the old paste off the heatsink and applied the new (old) Vantec silicone paste using a new application method mentioned here. I will lift the heatsink in 1 week (when the new Grizzly compound arrives) and see if this new method is ok over the tried and tested grain of rice size dollop in the middle of the die.
I reassembled the laptop and the results seemed to drop the CPU temps to 20c above ambient air temps. My CPU is no longer sitting in the high 90’s in the non-air-conditioned Aussie summer 🙂
I get the usual high CPU temp spikes but the temps quickly fall back down again.
Ambient temps are higher today (compared to past screenshots) so direct comparisons cannot be made.
I will wait for my order of Thermal Grizzly Kryonaut Thermal Grease 1g arrives and update this post.
Update: Applied Kyronaut – Ultra High-Performance Thermal Grease
7mm of thermal grease
Old Silicone Grease Removal.
I used this application method
Results
16c above CPU Proximity Temp at idle 🙂 The Silicone grease was 19c above amdinet temps.
Conclusion
I have no doubt the more aggressive TG Pro fan profiles and the Grizzly thermal grease application has brought life back to my old laptop. Idle temps are lower and when the system is pushed to high activity temperatures fall much sooner.
Donate and make this blog better
Ask a question or recommend an article
Revision History
V1.9 Not editing 4K videos
v1.8 Applied Kyronaut – Ultra High-Performance Thermal Grease
v1.7 Applied old thermal paste information (before good thermal paste arrives).
V1.6 Added YouTube video
V1.5 Ordered some thermal paste.
V1.4 TG Pro, update, simulated cooling photo.