About

I'm Sunil Shenoy: a programmer, UI designer and a movie buff. I currently live in Mumbai, India.

Namaste. Be Good.


Pixel Flood Attack

ImageMagick is a great tool which helps create, edit, compose, or convert bitmap images. If you use ImageMagick to resize images on your app server, then it’s good to have it configured to withstand a pixel flood attack.

#390 Pixel flood attack - HackerOne

I recently came across this issue for a service I help maintain and here are the steps I took to fix the issue.

Navigate to the /etc/ImageMagick folder and find policy.xml. It’s usually write-protected.

Edit the file and add these lines.

<policy domain="resource" name="memory" value="500MiB"/>
Set a limit on how much memory an image can occupy.

I have set it to 500 MB, but you should set a limit based on your server and app requirements.

<policy domain="resource" name="width" value="5MP"/>
Set a limit on how large an image you want ImageMagick to read, in megapixels. This avoids excessive memory usage.

Megapixel calculator | toolstud.io should help convert Mega Pixel to width and height you want to support.

<policy domain="resource" name="time" value="120"/>
Set a limit on how long you want an ImageMagick process to last.

These three policy additions to policy.xml helped stop the flood attack for now.
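
One way to check that an edited policy.xml still parses and carries the three limits above (an added example, not from the original post). The suffix handling, which treats Ki/Mi/Gi as binary and K/M/G as decimal multipliers, and both sample documents are assumptions constructed for illustration:

```python
import re
import xml.etree.ElementTree as ET

# The three resource limits the post adds to policy.xml.
REQUIRED = ("memory", "width", "time")
# Assumption: "Ki/Mi/Gi" are binary multipliers, bare "K/M/G" are decimal.
_MULT = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9,
         "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}
_VALUE = re.compile(r"^(\d+(?:\.\d+)?)(Ki|Mi|Gi|K|M|G)?[BP]?$")
# Constructed sample holding only the three policies from the post.
GOOD = """<policymap>
  <policy domain="resource" name="memory" value="500MiB"/>
  <policy domain="resource" name="width" value="5MP"/>
  <policy domain="resource" name="time" value="120"/>
</policymap>"""
# Constructed failure case: a typographic quote pasted into an attribute.
BROKEN = GOOD.replace('value="500MiB"', 'value=\u201c500MiB"')


def parse_limit(value):
    """Turn '500MiB', '5MP' or '120' into a plain number; None if unreadable."""
    m = _VALUE.match(value.strip())
    if not m:
        return None
    return int(float(m.group(1)) * _MULT[m.group(2) or ""])


def audit_policy(xml_text):
    """Return (limits, problems) for the resource policies in a policy.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {}, ["policy.xml is not well-formed XML: %s" % exc]
    limits, problems = {}, []
    for node in root.iter("policy"):
        if node.get("domain") != "resource":
            continue
        name, raw = node.get("name"), node.get("value", "")
        parsed = parse_limit(raw)
        if parsed is None:
            problems.append("resource %r has unreadable value %r" % (name, raw))
        else:
            limits[name] = parsed
    for name in REQUIRED:
        if name not in limits:
            problems.append("no usable %r limit is set" % name)
    return limits, problems
```

Calling `audit_policy(open("/etc/ImageMagick/policy.xml").read())` after editing returns the numeric limits found and a list of problems, which is empty when all three limits are present and readable.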

Resources:

Flood pixel attack in Imagemagick - ImageMagick

::

Textmate 2

My first text editor when I started using Mac was Textmate 1. I had heard good things about Textmate from a few people I follow on twitter and they were indeed right.

Textmate is now considered an abandoned software by a lot of people, but it is far from abandoned. I wish macromates.com highlighted all the work in progress for Textmate 2.

Atom, Sublime Text 3, Visual Studio Code, WebStorm, PhpStorm and a whole lot of other alternatives now exist and I have tried them all. The editor I used the most other than Textmate was Visual Studio Code. If you are looking for an alternative to Textmate I would definitely recommend Visual Studio Code.

As for me, I am sticking with Textmate 2. It is under active development and getting better with each release. GitHub - textmate/textmate. Textmate just feels right to me. I like that Allan continues to focus on making the underlying editor better.

I do miss not having split screen editing and autocomplete suggestions for functions. I really liked these features in Visual Studio Code.

::

Medium

Medium recently announced that it’s laying off 50 staff members to renew focus (Renewing Medium’s focus). I have always liked Medium as a platform and continue to follow a few publications there.

Venture capital is going to murder Medium is a good post which talks about a few downsides of running a business with venture capital money.

Medium did get a few things right though:



I have been wanting to move this blog to Medium for a few months now, but following that post, will continue to host it on a VPS. I am looking at alternatives though, ghost.org being at the top of the list to move to.

::

React Native

Cross platform mobile frameworks have always been how I built my mobile apps. A big reason for this being the team size I often work with. Building native for each platform was never an option.

My first mobile app 4 years ago was built using Phonegap, after which I have been using Ionic to build mobile apps.

Webview based apps never felt right though. Compared to native apps, apps built using Phonegap and Ionic could never achieve the same experience. I have been looking for an alternative for a year now before settling down on React Native.

React Native vs Titanium
If you are like me, you have asked Google this question.

Although I did look at Titanium to build my current app, Titanium always felt more of a package in terms of IDE, App Designer and MBaaS. I was looking for something simpler. A framework which let me build using my own editor (Textmate 2) and did not enforce (although not a mandatory requirement with Titanium) a whole lot of choices.

Day 1 and 2
Hoping to document my progress here as I continue to learn React in more detail.

Day 1:
Installed React Native, Components, ListView, ScrollView, Props and State.

Created the login screen for the app I am working on.

Day 2:
Navigators and Scenes. Who knew moving from one state to another could be this tricky. Turns out I am not the only one.

Day 3:
Redux. For state management.

Resources I am referring to

React Native Docs

IDE

Textmate 2

::

Travel Diaries: Andaman n Nicobar Islands

I recently took a trip to Andaman with a few friends. If you have never been to Andaman before, I would definitely recommend going there, although I would advise against booking a package from one of the tour operators.

This was my first time taking a trip from a tour operator. We got the trip booked from Yatra.com and the operator there did ensure that we did not have a good trip. The hotel we got put up in was really far from the city centre, the ferry tickets were always booked at the last moment and very little was planned for what we did the entire day.

Should we be blaming the local tour operator or the travel portal? As my friend said, it’s always the person who I booked from who will get blamed, in this case Yatra.com.

Andaman is a good place to visit, if you want to disconnect
Really, there is almost no mobile reception. BSNL and Airtel are the two service providers, but even they only have a good cell reception with almost no mobile data facility.

Vodafone, although it works well in Port Blair (again, without mobile data), has no service on any of the other islands.

No phone calls and the smart phone battery lasted the entire day.

Beaches and the sea food
This sounds a bit obvious since Andaman is an island, but the beaches were clean and well maintained compared to some of the other beaches around India.

Avoid the food in the resort and try some sea food stalls around the beach. We had some of the best sea food by the beach in a small food stall.

Get a two wheeler and explore yourself
We spent most of the time exploring Neil island by ourselves rather than depend on the tour operator. The two wheeler ride and being able to spend as much time as we wanted at the beach was one of the highlights of the trip.

Chocolate Brownie
If you like chocolate as much as I do, do visit the Barefoot Bar & Brasserie restaurant in Havelock Island. One of the best chocolate brownies I have ever tasted.

Happy New Year. Hope this year brings you loads of joy and happiness

::

Unwavering Focus

A really good TED talk.

We are never taught how to focus and wonder why we are distracted all the time.

I have started switching my phone to night mode from 12 PM to 5 PM every day and I also turn off notifications on my Mac. This is my create time. I do miss a few calls and text messages, but it's worth the trade off of getting good work done.

::

Three one

Crossing over to the other side of 30’s.

Mayur shared this image with me a few hours ago.



After watching this episode from Friends, I used to always think this is how I would feel. Why God?! Why me? Let the others grow old.

But now that I am here, on the other side of 30s, I don’t feel this way. Each year has been better than the previous one and I can’t wait to see what's in store for next year.

I saw this video by Simon Sinek yesterday (you should watch it too) and I agree with a few things he said. Not everything is great all the time. And this held true for me this year. Not everything was great, but the bad outweighed the good and I hope that trend continues.

Work

I did some of my best work this year. Got to work on and solve some really interesting problems with some really interesting people and I did not know how the days and months went by. I even skipped gym for 4 months because there was too much good work waiting to get done.

Brightpod was definitely the highlight and we released some really good features this year. Timer, real time notification, better filters for projects and improved loading time thanks to Redis. Brightpod keeps getting better each week.

My goal this year was to release 2 iPhone apps and although I did work on two apps this year, one of them never made it past beta stage and the other will be released early next year.

Ionic, CakePHP, Redis, Laravel, Node.js (Botkit) and CodeIgniter are the tools I spent most of my time with this year.

Personal

"Exercise regularly" was high on my list of things to do this year. Although not regular I managed to maintain a healthy diet and exercise routine.

Getting to spend more time with my niece is also something I am really thankful for. Coffee dates with her are a weekly highlight.

Most of my friends are married now or getting married soon (Hi Sanat and Prerna) and it’s great to see them with their partners and getting to spend time with them.

Got to attend a few weddings too this year. Archeet and Nikki's recently and looking forward to Sanat and Prerna's wedding on Sunday.

Travel

This year has not been that great in terms of travel due to a financial setback in early January. But I still managed to travel to a few places.

Goa (twice)
Sweden
Norway
Denmark
Delhi
Hyderabad
Mahabaleshwar

Road trip in Sweden, Norway and Denmark was the highlight this year. Sweden and Norway are now on my list of countries I can live in. "How can people be so nice?" are words I kept repeating during the trip.

Context

I had a really interesting discussion with a friend last week about context. Now that I have had more time to think about it, I see what he was getting at. Not everyone will get your problems / topic of discussion, if they don’t have context about where you are in life. Everyone’s at a different stage in their life and when you share your story, the ones who are able to understand are people who have similar context to you.

Next Year

So much more to write, but this already seems like a long post. Things I want to do in 2017:

Focus on a few things.
Exercise and write a blog post every day.
Launch and maintain one web app and one mobile app
Travel to at least 4 new countries.
Make time to date someone seriously.
Spend more time with family and friends.

Hope you all have a great 2017.

::

Migrating from Site5

Following my previous post about server setup for web applications, I have now moved this blog from Site5 to DigitalOcean.

I have been using a shared hosting account with Site5 for 3 years now, and 2 days ago the cPanel account at Site5 got hacked, compromising my blog and a few other client projects I was supporting.

Since I did not hear from Site5 and their support has been non responsive, I decided it was time to move this blog to DigitalOcean, a service I have been using and recommending quite a lot.

Not being great at customer support is no longer an option. I always wonder why more companies don’t invest resources in hiring the best support staff. Any response is better than no response at all.

::

Server Setup For Your Web Application

I have been wanting to write about server setups for web applications for a long time, but I found this article today written by DigitalOcean which does a better job at explaining common setups.

5 Common Server Setups For Your Web Application

Most of my setups today are Separate Database Server, but I am looking into adding a load balancer to the setup soon.

DigitalOcean is my recommended hosting provider. Do give them a try if you are looking to set up a server for testing/production of your application. I am slowly moving all my projects there. Here is my affiliate link.

::

Last minute changes

You’ve spent a week or two working on this feature. You’ve spent time testing it and everything seems to be working well. You have a launch date set and it’s finally the day to deploy.

You go over all the updates one last time and discover a few things which need to be updated. Last minute changes are almost never welcome. Do you hold the launch or launch it knowing that the feature is missing a few details?

Facing the exact situation yesterday, I decided to do the latter. Launch, knowing that the feature is missing a few details. If the changes were critical I would have delayed the launch but these were not critical changes.

The good part about software is that you can always roll out the next update the same day. I am updating the feature again today. All the issues from yesterday’s list are now fixed.

::