Uncategorized

Password change for a PayPal business subaccount

Leave a comment

PayPal business accounts allow you to set up separate logins with restricted access to the account. So for example, you need to have someone who can send invoices and issue refunds, but isn’t allowed to send money.

The accounts have separate passwords from the master account. Changing the password for one of these subaccounts is simpler than for the master account, but the process isn’t completely obvious if you don’t know what all the icons mean. (This was accurate at the time it was written, but user interfaces do change.)

  1. Login to PayPal.
  2. In the upper right corner of the page, click on the gear icon.PayPal "settings" gear icon.
  3. From the menu, click “Your Profile.”
  4. In the “Password” row, click “Update”PayPal login and security screen
  5. Enter the current password in the “Confirm your current password” field.
  6. Enter the new password twice (once for confirmation)
  7. Click the “Change Password” button.
Uncategorized

Turning off Windows feedback prompts

I use Windows, Linux and Mac. I hop between them several times a day and find that each has its own strengths and annoyances.

This evening, Windows presented me with a prompt, asking how hard it is to customize Windows. It took me out of my workflow, distracting me from the task I originally wanted to work on.

As a society, we get a lot of surveys. Because if asking a small sample of consumers what they think of a product will give useful information, then asking a large group will surely give the survey takers an even better idea of what’s going on.

And so, we get surveys on the receipts at restaurants and home improvement stores. We get feedback requests from apps on our phones. (We probably get surveyed on drug store receipts, but it’s hard to tell with all the coupons.) And now we’re being prompted for feedback from the computer’s operating system.

Here’s how to (hopefully) remove that one: At least, until they add another survey tool.

  1. Go to the settings app (Windows key + I
  2. In the search, type “Feedback”
  3. Select “Diagnostics & feedback settings.”
  4. Scroll down. About 2/3 of the way down the page, you’ll find a box for selecting “Feedback frequency”, labeled “Windows should as for my feedback.” By default, this will say “Automatically (Recommended).”
  5. Change the setting to suit. (I chose “Never.”)

I’ll update this post as I find other feedback prompts to disable.

(Image by Pixabay user mohamed_hassan, used under the Pixabay license.)

Uncategorized

Why do DNS changes take so long to show up?

My project manager asked me yesterday, “Why do DNS changes take so long to show up?” We were in the process of moving a web site to a new server and he hadn’t expected it to take 90 minutes for all the traffic to move to the new server.

As background, let’s talk about what the Domain Name System (DNS) is for a moment. Every computer connected to the internet has a unique address, called an IP address. You can think of this as being similar to a telephone number. For www.example.com, the IP address is 93.184.216.34.

The problem with IP addresses is, they’re hard to remember, which is why we have a system of domain names (example.com) for groups of computers and host names for individual computers. This is similar to a person having a family name and a given name.

The DNS system is similar to your phone’s contact list. Most people don’t know all the phone numbers in their phone’s contact list; instead, they know to look up Bob Smith in the contact list and when they press the dial button, the phone looks up Bob’s phone number and dial’s 732-555-1234.

Similarly, when you type www.example.com into the web browser, your computer contacts the DNS system, looks up the IP address, and connects the browser to 93.184.216.34.

Rather than look up the IP address on every request, your computer will remember (or cache) the address for a while. How long it should remember the address is controlled by whoever owns the domain name, it can range anywhere from a few seconds, up to days or longer. Commonly, it’s set to several hours. This is called the DNS record’s “time to live.”

So if you run www.example.com and move the website to a new host (this could be a new hosting provider, or simply a new server at the same provider), part of the move will be to update the DNS system (contact list) with the new server’s IP address (phone number).

Because of the DNS time to live, other computers may continue to contact the old server until the DNS record expires, at which time they’ll look up the address again and find the new IP address. (This is an important consideration when moving a web application which maintains any sort of application state information.)

Bonus: Looking up IP addresses

Most Linux and OSX computers will have a program called dig installed. (Alternatively, you can also use the Dig tool from Google’s online “G Suite Toolbox”) You can use this to look up the IP address of any computer connected to the internet:

blair@Squawk:~$ dig www.example.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16595
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        80319   IN      A       93.184.216.34

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Jan 14 02:01:45 EST 2020
;; MSG SIZE  rcvd: 60

blair@Squawk:~$

In the part labeled “;; ANSWER SECTION”, there’s a line which reads:

www.example.com.        80319   IN      A       93.184.216.34

The the server’s IP address is 93.184.216.34 and the computer will remember the IP address for another 80,319 seconds (about 22 hours). If you look up the same record several times in a row, you’ll notice that the number decreases over time. (It appears the record for www.example.com is configured with a time to live around 24 hours.)

Uncategorized

Considerations for Hosting a NODE Application

Spotted a question on Dev.to basically asking “How do you put a Node application in production?” and thought I’d copy my response here.

I’ll preface this by saying that although I’ve dabbled with Node, I don’t have anything in production right now that uses it. That being said, the way a Node web application runs – as a long-running external application instead of a module that’s part of the web server – is familiar enough for me to feel comfortable with the general principles.

How to use Node in production is actually a fairly broad topic, and a lot of it depends on exactly what the application is trying to do. It’s probably going to be useful to do some reading on Dev’s #node tag, but here’s my best high-level guidance.

Architecture
So, what’s your Node app doing? Is it running a public web site? Responding to URLs for a publicly available service? Or is it an application that your front end application just calls for specific calculations? This impacts literally everything else.

Hosting
A commodity PHP host won’t cut it for Node. You’re going to need one which allows for long-running applications. Generally that means a custom VM, or perhaps something that just allows you to deploy containers. That doesn’t have to be Digital Ocean or Heroku, though they do have the kind of set up you’re looking for.

Front end web server
There’s no requirement for a traditional web server, but it’s a common configuration. You can add middleware to Express to serve up static files, but it’s generally faster (and already written) to use Apache, Nginx, or something else to serve up files and act as a reverse proxy for the specific routes your application is handling.

Ports
This is a bit of a low-level implementation detail, but seeing as how others have touched on it…. I believe Express defaults to port 5000, but you can set it listen on whatever you want. If you’re using a front end server, you’d let the front end server handle port 80 and 443. If Express is handling all the traffic, then the Node app will need to handle those ports instead. (And note, I’m only assuming you’re using Express, that’s not required for a Node app that responds to HTTP requests; it’s just a very popular solution.)

Development vs. Production
I find it’s helpful if, to the extent possible, the development environment matches the production environment. You won’t install a compiler or an IDE on the production environment, but if the production environment will have a front end web server, it’s helpful to have the same front end web server running in the development environment. (I highly recommend you read about “The twelve-factor app for more about this topic, and other helpful guidance.)

Deployment
Automate all the things.” This has nothing to do with Node. If you can’t automate everything, automate as much as you can. Can’t use Travis, Jenkins, or a similar Continuous Integration tool? Go with a shell script.

I have personal experience with deployments which took three hours per environment and tended to result in production outage because the deployment instructions were a 12 page Word document. Those same deployments dropped to three minutes and stopped breaking production once we wrote a script to handle the config file changes.

Uncategorized

Turning off the Home Assistant Cloud integration

Over the New Year holiday, I resurrected the Raspberry Pi I’d been using for Home Assistant. It crashed in early 2019 and when a reboot didn’t fix it, I thought perhaps a power spike had killed the Pi. So I put it aside with the intent of reformatting the micro SD card to see if that would fix it, but then Drupal happened at work and I didn’t get back to it for a very long time.

The new theory is that the Pi is just fine and the memory card got corrupted. It’s up and running now with the latest Home Assistant on HassOS 3.7.

Things have changed in the past year and one of the things I noticed was that the default configuration.yaml had a lot fewer entries. That’s fine in itself, but when I went to the main Configuration screen, I couldn’t figure out how to turn off the “Home Assistant Cloud” integration – previously, you would turn that off by removing the cloud property from the configuration.yaml, but the new leaner version of the file didn’t have that entry.

I eventually found a forum post asking the very question on my mind: “How can I disable the cloud component?” The answer, it turns out, is to remove one of the few default entries in the configuration.yaml.

Near the top of the file, there’s an entry for default_config. What this does is automatically enable more than a dozen other configurations for things you’d most likely want to have: along with the cloud integration, it also enables the front end, history, logbook, system_health and more.

So what you can do is remove the entry for default_config and add back the integrations you want. Don’t want the cloud integration? Don’t copy it in.

Here’s the whole list, suitable for copy and paste to your configuration:

automation:
cloud:
config:
frontend:
history:
logbook:
map:
mobile_app:
person:
script:
ssdp:
sun:
system_health:
updater:
zeroconf:

A number of these weren’t in the configuration file a year ago, which meant they couldn’t be turned off. Now they can be, though you should definitely check the individual integration’s detail page to make sure you know what the consequences are – it might be better to remove them from the UI instead.

Uncategorized

Turn off Chrome notification pop-ups.

Talking to my Dad over the weekend, I learned he’d recently started seeing ads appear on his computer. These days, everyone’s used to seeing ads pop up in the web browser, but these were in the lower right corner of the screen, and would stick around if you moved the browser window.

My first thought was some sort of malware infection, but there didn’t seem to be any unusual processes running. The vital clue was when Dad mentioned that the ads only showed up when Chrome was running, and would disappear if you closed all the Chrome windows. An online search revealed a new suspect – Chrome’s browser notifications.

If you’ve used Chrome at all in the past year or two, you’ve very likely seen the browser display a message asking for permission from one site or another (or dozens) to display notifications. The idea behind notifications is that even if you aren’t actively browsing a particular site, you can still let it put up a message about an important update (e.g. event tickets going on sale). In this case, someone had decided to use notifications to display ads and Mom or Dad had accidentally given the site permission to display them.

Fortunately, once you know what’s going on, it’s pretty easy to turn notifications back off.

The steps below turn notifications off altogether; you should’t even be prompted anymore. I generally try to avoid distractions, but if you don’t want to turn them completely off, you can stop at step 6 to review and edit the list of sites where they’re allowed and/or blocked.

  1. In the upper right corner of the Chrome browser, click on the three vertical dots.
  2. Near the bottom of the menu, click settings.
  3. Scroll to the bottom of the page and click “Advanced.”
  4. Go to the “Privacy and Security” section and click “Site Settings”.
  5. Find the line for “Notifications” (there will be a small bell to the left).
  6. Click Notifications.
  7. At the top of the page, where it says “Ask before sending (recommended)”, click on the blue “slider” button.  It will turn gray.
  8. At the top, click on  the “Notifications” arrow.
  9. Click on the “Site Settings” arrow.

Done.

Uncategorized

Code Review Checklist

Recently, I’ve been doing code reviews for a group of junior devs. I’m pleased to have the opportunity, but I find we’re spending more time on fundamentals than the actual stories.

To address this, I’ve put together a checklist of things to check before submitting your code to be reviewed. It’s not meant to be exhaustive, just a short list intended to help us spend less time reviewing the basics and more on the parts the basics are supporting.

Are there other items you’d include on this list?

  • Is the code up to date with master?
  • Does the code run? Do all the tests pass? (This also means no “expected failures.”)
  • Do all the classes and methods have comments?
  • Have you removed all of your “debugging” code (e.g. System.out, console.log, or other platform equivalent).
  • There should not be any outstanding changes from previous reviews.
  • There should not be changes which aren’t part of the specific ticket you’re working on.
  • There should be no blocks of commented out code.
Uncategorized

Dynamic Type Selection in PHP

So, check out this block of PHP code:

class MyClass {
  public function doSomething() {
    echo "Hello there.";
  }
}
$class = "MyClass";
$method = "doSomething";
$instance = new $class();
$instance->$method();

The “new” statement is using a string variable to specify the class being instantiated! What’s more, on the very next line, another string variable is being used, this time to specify the method being invoked.

My background is C-like languages (C, C++, C# and Java), so I was somewhat surprised to discover that this not only executes, but does so without errors. Turns out, this is just how PHP’s new statement works.

In Java, you’d use Class<T> to get the class object, retrieve a specific constructor, and then call the newInstance method, passing any required parameters. So the above example would end up looking something like this:

package myprogram;

import java.lang.Class;
import java.lang.reflect.Method;

class MyClass {
    public MyClass() {}
    public void doSomething() {
        System.out.println("Hello there.");
    }

    public static void main(String[] args) {
        String className = "myprogram.MyClass";
        Class<?> class = Class.forName(className);
        MyClass instance = class.getConstructor().newInstance();

        Method method = class.getMethod("doSomething");
        method.invoke(instance);
    }
}

In a more complex code sample (e.g. passing arbitrary class objects into a method to be instantiated and used in a callback), the Java version has definite advantages in terms of compile time type checking.

But I can’t deny that the simplicity of the PHP version also has some appeal.

Uncategorized

Resetting Your Password

You can change your password on any enterprise system by following these simple steps:

  1. Login to the password reset page by answering security questions anyone with Google can look up.
  2. Generate a strong password, such as 
    yK5*BDbYv91xAaU!BukN
  3. Discover you can’t paste the secure password into the form.
  4. Click your password manager’s “Generate password” icon which generates a password into the field.
  5. Click Save.
  6. Discover that your password manager was blocked from saving the new password and that you no longer know your password.
  7. Discover that you can’t reset your password twice in one day.
  8. Email the system administrator, requesting that your account be unlocked.
  9. Login to the password page again, using those same easily Googable security questions.
  10. Set your password to 
    P@$$word123

(Pro-tip: Substituting a dollar sign for each ‘s’ makes it extra secure.)

Uncategorized

Composting

A while back, a friend posted on Facebook that her family was building a compost bin and she was looking for tips. She also mentioned that she was saving kitchen scraps (but no meat or dairy) and what do people think about the “compostable” bags?

Whoo. I try to be a well-rounded geek, and I spend a lot of time doing yard work, gardening, and of course, collecting leaves for the compost pile (to the point where in the fall, the neighbors have started bringing leaves directly to me, skipping the step where I “steal” them from the curb.

The quick version of what I posted on Facebook is:

  • No meat/dairy – because it attracts vermin, it attracts flies, and it stinks.
  • No kitchen waste – that’s apple cores, wilted lettuce, etc. Why? Because it attracts vermin. If you’re lucky, it’s just flies and mice. If you’re unlucky? Rats and raccoons.
  • The aforementioned kitchen waste is awesome however for a worm bin.
  • So what does go in the compost bin? Fall leaves, non-diseased pieces of non-woody plants, and more fall leaves.
  • Coffee grounds are also good in the compost pile. They help the leaves turn to humus much faster.

For the “compostable bags” though… it depends on what they are. If it’s brown paper bags, technically, you could compost them. But recycling is probably a better choice. (I’ve composted cardboard in the past, but unless you tear it up into small pieces, it’s gonna take a long time to break down And any other paper should definitely be recycled, with one exception: shredded newspaper is good for worm bins.

On other hand, if the bags are those so-called “compostable plastic” bags (or any other sort of “compostable” plastic), then they don’t belong in a home compost pile. Those things require an industrial composter and won’t break down in your garden compost pile.

Related reading:

If you’ve read this far, you could do far worse than to visit the You Bet Your Garden question of the week archive, type “compost” into the search box (the one in the middle of the page, not at the top), and read everything that comes up.

For starters, check out the Compost 101 article .

There’s a good starting point for reading about worm bins.

(Image by flickr user kake_pugh licensed via CC BY-NC-SA 2.0)