Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Michael de Silva's Blog

Software Engineer. Rubyist and Roboticist.

Got an app in mind?

Since 2010, I have crafted apps for mobile and web for clients around the world via my consultancy — Inertialbox. My specialities include Rails, client-side Javascript frameworks such as Backbone & Ember.js, TDD/BDD, and DevOps — just to name a few.

We should talk.

HOWTO Ubiquity EdgeMAX Ad Blocking Content Filtering using EdgeRouter

Adblock 750x500

Ubiquity EdgeMAX Ad Blocking Content Filtering using EdgeRouter

This is based on a guide on the Ubnt forums.

Log into your Edgerouter and run the following - sudo -i && vi /config/user-data/update-adblock-dnsmasq.sh This will switch you to the root user and open up vi.


#The IP address below should point to the IP of your router or to

curl -s $ad_list_url | sed "s/127\.0\.0\.1/$pixelserv_ip/" > $temp_ad_file

if [ -f "$temp_ad_file" ]
        #sed -i -e '/www\.favoritesite\.com/d' $temp_ad_file
        mv $temp_ad_file $ad_file
        echo "Error building the ad list, please try again."

/etc/init.d/dnsm ...(continued)

How to Secure Your Raspberry Pi with Wifi in 15 minutes

170705152841 cyber attack 1 780x439

It's best to start off by installing Raspbian onto your Raspberry Pi — which can be accomplished a couple ways. You can install it with NOOBS or download the image and follow the installation guide.

If you download the image directly, it's a simple matter of using Etcher or using dd in Linux/Mac to burn the image to an SD card.

Getting Started

Start off by running the configurator with raspi-config.

Let's start by running some updates and installing some handy tools — these are some of my favourites and I can't do without them -

apt-get update -y && apt-get install -y \
  curl \
  wget \
  git \
  vim \
  htop \
  tmux \
  unzip \
  libssl-dev \
  libffi-dev \
  python \
  python-dev \
  python-pip \
  python3-dev \ ...(continued)

TIL Setting up my FreeNAS 11 Xeon Server

20393783 109952109648900 6213395819798724608 n

Earlier in June, I set about designing and setting up a FreeNAS server, in preparation to migrate away from my existing dual-Synology RAID based system(s) in place.

My primary Synology unit is a 5-bay DSM1515+ with 5x WD Red Pro 4TB drives, configured with a RAID5 array. This is actually a mistake that I initially made when setting this up, driven at the time by cost motivations to provide the most 'available space' with 2-drive failure redundancy.

I would also replicate and backup data to a second 8-bay DSM1815+ with 6x WD Red Pro 4TB drives. This unit would auto-power on between 1-6am to run all the backups and syncing/replication.

Why RAID5 should never be used.

What I did not know at the time, and really should have, was that RAID systems are typically prone to failing at the time of resilvering (or rebuilding) an error at the time of recovery. Assume you have a RAID5 array, and a single drive dies; you insert a replacement drive, and it is at t ...(continued)

Docker Mac ~ Running Out of Space with "no space left on device”

Having upgraded my local install to the Community Edition (stable), I ran into a scenario where I was receiving a confounding "No space left on device error" error.

Interestingly it seems Docker CE for Mac by default has a max-capacity of 64GB only.

-> % ls -lah ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/Docker.qcow2
-rw-r--r--@ 1 mike  staff    64G 25 May 10:35 /Users/mike/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/Docker.qcow2

-> % docker run --rm ruby:2.3.3 df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          63G   34G   26G  57% /
tmpfs          1000M     0 1000M   0% /dev
tmpfs          1000M     0 1000M   0% /sys/fs/cgroup
/dev/vda1        63G   34G   26G  57% /etc/hosts
shm              64M     0   64M   0% /dev/shm
tmpfs          1000M     0 1000M   0% /sys/firmware

We can get around this by replacing the original template with a new one, with a size of our ...(continued)

Enabling WOL (Wake on Lan) in Ubuntu 16.10

To enable WOL support, first restart your system and enter the EFI firmware (also called the EFI "BIOS" as a misnomer!). I'm running Asus systems at home, and quite honestly, their new EFI UIs are pretty slick.

In any case, head over to Advanced > APM. In this view, Power On By PCI-E/PCI should be set to enabled. Couple examples of this view are shown below

Now restart your system once more and boot into Ubuntu.

In a terminal run sudo ethtool <interface> where you can find the correct interface via ifconfig -a — obviously pick the one showing the correct IP. At the bottom, you want this output to show Wake-on: g since this indicates wake on Magic Packet is enabled.

mdesilva@skylake:~ sudo ethtool enp0s31f6
[sudo] password for mdesilva:
Settings ...(continued)

Your Company’s Culture is Who You Hire, Fire, and Promote

I just stumbled on 'Your Company’s Culture is Who You Hire, Fire, and Promote' by Dr. Cameron Sepah, and found his thoughts and advice on values to assess during an interview to be excellent!

Not only that, but he also links to a fantastic spreadsheet for download covering Traits to Assess During an Interview.

The moment that leaders start weighing values-congruent against values-incongruent behavior, as if they balance out, is the moment when they have compromised their values.

This is most certainly a must read!

HOWTO Secure Docker & Prevent Leaking Access to Hackers

Docker needs to be configured to prevent leaking container ports to the outside world and there are two approaches, depending on your version of Ubuntu installed.

For sysvinit and upstart based systems, you can edit /etc/default/docker and change the docker options ENV var to DOCKER_OPTS="-r=false --iptables=false".

Since I'm using Ubuntu v16.x LTS running systemd I performed the following

$ mkdir /etc/systemd/system/docker.service.d
$ cat << EOF > /etc/systemd/system/docker.service.d/noiptables.conf
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false

$ service docker restart

Initially, nmap reported this port as open 6379/tcp open unknown, however, with the above service drop-in activated by restarting the docker service and ensuring ufw is active, this port is now shown as filtered (since ufw blocks all non-whitelisted inbound access) — ...(continued)

Twitter's Service Worker code, I just stumbled on it

Screen shot 2017 01 17 at 23.39.53

Well, twitter died on me and I was interested in some parts of the UI and went spelunking with Chrome dev tools.

Realised they were running service workers and here's the code in all its glory. I've linked to a Gist that also has the .coffee Coffeescript version.

Cookies and Session Management in NodeJS

Here's a snippet from a recent NodeJS app with Express



var session_secret = process.env.SESSION_SECRET;
  secret: session_secret,
  store: new RedisStore({
    port: 6379
  resave: true,
  saveUninitialized: true

 * Load current user from session.
app.use(function (req, res, next) {
  req.user = req.session.user;

   * Help troubleshoot cookies
  // if (app.get('env') === 'development') {
  //   console.log('Session ID: ', req.sessionID);
  //   console.log('Cookies: ', req.cookies);
  //   console.log(req.session.cookie);
  // }

  // if (app.get('env') === 'development') {
  //   console.log('Logged in user set as ', req.user);
  // }

  return next();

Uncommenting the troubleshooting middleware, yields the following debug info. Notice how the session ID is stored by way as part of the cookie sid. The [format used is `[sid].[signa ...(continued)

Rapid Learning: Google App Engine (GAE) Cloud Apps (in Python)

I like to look at new technologies (at least new to me, in the sense that I haven't tinkered with something directly or long enough — and long enough usually equates to at least one to two years) and YouTube is a fantastic resource, especially channels such as the excellent Google Chrome Developers.

This is a very short series where Paul Lewis provides a walk through on how he goes about to build the Chrome Dev Summit site — what's great is this is full of great advances such as Service Workers a la Polymer and so many other fun stuff.

What's interesting though, is there are some valuable frontend juju that Paul uses, that I haven't seen (or thought of!) before, especially some fantastic use of SVG and clip-path.

For the purposes of this blog post, and for my initial poking about, and given that I haven't had ti ...(continued)

Extending nvie's Successful Git Branching Model

Recently I've been working on a project where certain devs are not privvy to client-specific details, and this aspect has lead to a rather interesting build workflow.

As such, devs are only able to build debug specific Android releases, and release type releases for debugging purposes. However, actual release-builds require certain changes to the specific app Gradle config, and this is why I am maintaining a dedicated release branch alongside dev. It should be noted, that the release branch was infact a fork of dev.

This workflow is based on the excellent Successful Git branching Model by nvie and cutting a release has a couple extra steps.

-> % git co dev
-> % git co -b release-0.1.7
Switched to a new branch 'release-0.1.7'

-> % mvim CHANGELOG.md

-> % git st
## release-0.1.7
M  MyApp/app/build.gradle

-> % git c "Bump version for release"
[release-0.1.7 0 ...(continued)

Post Archive