Perl Sample Code for Geolocation Lookups with MaxMind GeoLite2

There have been a lot of changes to MaxMind’s GeoIP database:

  1. You must register for an account to download databases.
  2. The database format was changed from GeoIP to GeoIP2. The free databases are called GeoLite2.
  3. Older lookup APIs no longer work, so you must update your libraries and source code.
  4. The new API supports both IPv4 and IPv6.

There are a lot of obsolete and unclear examples online.

Here’s a complete, tested Perl sample (March 2020):

#!/usr/bin/perl

use strict;
use warnings;

use GeoIP2::Database::Reader;

my $ip = "2607:f8b0:4005:804::200e";
my $db = "/usr/share/GeoLite2/GeoLite2-City.mmdb";

# MaxMind's placeholder coordinates for when a geoip lookup fails
my $nf_lat = '37.751';
my $nf_long = '-97.822';

my ($lat, $long) = (0, 0);

eval {
    my $reader = GeoIP2::Database::Reader->new(
       file => $db, locales => ["en"]
    );
    my $where = $reader->city( ip => $ip );
    my $location = $where->location;
    ($lat, $long) = ($location->latitude, $location->longitude);
};
if ($@ or ($lat eq $nf_lat and $long eq $nf_long)) {
   print "error: lookup failed on '$ip'\n";
}
else {
   print "$lat, $long\n";
}

$ perl test_geoip2.pl

metacpan.org: GeoIP2::Database::Reader
perladvent.org: Where in the World?


Can Web Apps Rot?

Can Web apps rot?

Why yes, yes they can, mainly if you rely on cloud integrations.

I was just looking at an old web app (finished 18 months ago) recently and found the following:

  1. Twilio changed an API path (SMS/Messages => Messages), and restricted their free tier to one “sandbox” phone number for receiving messages. Note: Plivo’s free tier works the same way.
  2. Firefox made CORS more restrictive. The same code still works on current versions of Chrome and Safari, but no amount of configuration changes allows Firefox to call another domain from the current JavaScript on my domain:

    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at []. (Reason: CORS request did not succeed)

  3. Google Maps changed their free tier, darkening the map and overlaying a dialog box until a credit card is provided. So I migrated to free OpenLayers, the OpenStreetMap API.



Free Tier After ToS Change Requiring Payment Method


Korg ARP 2600 Synthesizer Available Again




ARP 2600, new! lol.

It was the first portable (van instead of truck) synth, and used in the original Star Wars movie for the “voice” of R2-D2.

ARP went out of business after some failed products, and Korg bought them.

Behringer is also doing a more affordable and compact 2600 version.

Behringer 2600 First Demos and Overview

The ARP 2600: The Story of a Legendary Synthesizer | Reverb Feature
W: ARP 2600

Sweetwater Demo – Daniel Fisher: “I’m playing with a prototype here.” lol. How can you tell?

Arturia ARP2600 V Analog Synthesizer Software Instrument


Meetup: New Security Features in Redis 6

Redis Labs Security Product Manager Jamie Scott talked at the Redis Meetup today about “New Security Features in Redis 6 Open Source.”

Because of the coronavirus, the lecture was streamed on YouTube instead of presented to a live audience in the Redis Mountain View office.

The new security features in Redis 6 are:

  1. ACLs – defines users, passwords, access. Errors are logged and viewable.
  2. TLS now built-in, so stunnel, etc. no longer needed. Available for client, cluster and replication encryption.

Combined with Redis databases and namespaces, ACL users provide granular authentication and permissions.

Slides

James’ Comments on Compliance

From a security compliance standpoint, the new Redis security features help with:

  1. TLS addresses the encryption-in-transit requirement. Some stunnel users reported that it was 3x slower than patching TLS libraries into the Redis server directly, so this is a huge win considering that for many users, Redis is used as a high-performance cache. It also provides an alternative to paying for Enterprise or AWS Elasticache licenses.
  2. ACL users address the requirement to not use administrative passwords and to have least privilege.
  3. ACL users potentially address the key rotation requirement, if you add a new user/password, then expire the old user/password on a schedule. This would avoid caching layer interruption during the switchover, and lets you use infrastructure-as-code tools to first add the new user/password, then lazily update the application configuration to use the new credentials in the next release, then later drop the old user/password.

(Box wrote a proxy to accept remote TLS connections, then talk to Redis server on localhost. The proxy also managed password rotation by allowing old and new passwords during password rotation.)
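
The add-then-retire rotation described in item 3, as an added example that is not from the talk or from Redis Labs. It only prints the Redis ACL commands for each phase so they can be reviewed before an admin applies them. The user names, the `cache:*` key pattern, the command list and the password are constructed assumptions; `#<sha256>` is the ACL rule for supplying a password as a SHA-256 hash.

```shell
#!/bin/sh
# Added example: prints the Redis 6 ACL commands for a credential rotation.
# Nothing here contacts a server. User names, key pattern, command list and
# password are constructed placeholders, not values from the talk.

KEYS='~cache:*'                 # assumed key namespace for the application
CMDS='+get +set +del +expire'   # least privilege: only what a cache client needs

# SHA-256 hex digest of a password, so the plaintext stays out of IaC files.
acl_hash() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Phase 1: create the new user next to the old one; both can authenticate.
# "reset" clears any earlier rules so re-running the command is idempotent.
phase_add() {     # $1 = new user, $2 = new password
    echo "ACL SETUSER $1 reset on #$(acl_hash "$2") $KEYS $CMDS"
}

# Phase 2 is the application release that switches to the new credentials.

# Phase 3: disable the old user first (reversible), read ACL LOG to spot
# clients still trying the old credentials, and only then delete the user.
phase_retire() {  # $1 = old user
    echo "ACL SETUSER $1 off"
    echo "ACL LOG 10"
    echo "ACL DELUSER $1"
}

# Demo run with constructed values.
phase_add app_v2 'constructed-example-password'
phase_retire app_v1
```

Disabling before deleting keeps the old user's rules in place, so a missed client can be restored with `ACL SETUSER app_v1 on` instead of being rebuilt.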

mikeperham.com: Storing Data with Redis (2015)
zdnet.com: SXSW, Google I/O, Facebook F8 and more 2020 tech conference cancellations and travel bans due to coronavirus fears

Redis Labs, Inc
700 E El Camino Real #250 · Mountain View, CA

Music: Affordable Guitar Rack

I recommend ebay seller alienbid’s “New 9 Folding Multiple Guitar Bass Holder Rack Display Stand Black” if you need an affordable guitar rack.

It’s about $19.79+tax, including free delivery.

The rack is well-made from steel, and is strong. It feels like a precision instrument as you thread the bolts into place. No tools are needed, as the bolts are thumb screws.

No extra parts are included. There is a half-page assembly guide but it’s not that helpful. I recommend having somebody help with holding parts during assembly. That way you will save a lot of time and avoid stripping any bolts.

I’d prefer if the neck dividers were cupped instead of pegs. Currently I use padded mailing envelopes to ensure there’s no “stand rash” in case a guitar twists sideways and touches the next one.

I stripped one “bracket screw” during assembly, so I sent an ebay message to the seller. He replied the next business day (in the morning), and I received a complete set of bracket screws in a bag via USPS five calendar days later for no charge. I consider that excellent customer support.

It’s steel, so requires no maintenance, although I’d avoid direct sunlight on the foam parts.

I have no idea how they can make or ship this for $20. I should get a second one. 🙂

Trogly: Gibson Zither Single Guitar Stand Review (requires oiling, humidity control and avoid direct sunlight. Nitro-safe’ish. $200 and up.)
