Harry Bailey

Harry Bailey works directly with agency leaders to improve how delivery works — helping them understand what's driving overruns, rework, and delivery friction, prioritise what to tackle first, and build the habits and ownership that make improvements stick. With more than twenty years in project delivery, agency leadership, and operational change, he brings hands-on support to the people and practices at the heart of how growing agencies deliver.

Remote connection to AWS bitnami lightsail LAMP MySQL

I’m using Sequal Pro here, but this should work for almost any connection. I’m also going to lock to a single IP for security. You could us ‘%’ for any IP, but I wouldn’t recommend it if you are on a static ip at home of at work.

Log into ssh for the relevant LAMP instance using the browser tool on the Lightsail dashboard.

cat bitnami_application_password to get your application password. Copy it somewhere as you’ll need it shortly.

Run nano /opt/bitnami/mysql/my.cnf
Comment out the line that starts with bind-address. So #bind-address...
Exit and save the file.

For MySQL < 8 – update mysql permissions for root remote access with

/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'@'1.2.3.4' identified by 'PASSWORD' with grant option"

Replace 1.2.3.4 with internet connection IP address. Replace PASSWORD with the password you copied above.

For MySQL 8 we have to create the user first

/opt/bitnami/mysql/bin/mysql -u root -p -e "CREATE USER 'root'@'1.2.3.4' IDENTIFIED BY 'PASSWORD';"

/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'@'1.2.3.4' with grant option";

Restart mysql with sudo /opt/bitnami/ctlscript.sh restart mysql

Copy the IP address of your Lightsail instance. You may want to add a free static IP address, else the IP will change on restart and all this work will need doing again.

In Sequal Pro choose to add a new connection. Select the SSH tab. In both hosts, put the IP of your Lightsail server.

In mysql username put root and in password, put your password from above.

In ssh username put bitnami and in password, put your password from above.

Click to test your connection. All should connect as expected.

You’ll now need to add a database etc. Enjoy.

Helpful? Say thank you.

Help me keep these guides up to date by showing your apprechiates with a small donation. Scan the QR code below, or buy me a coffee here.

Android App URL Schemes

This is a functioning AndroidManifest.xml for linking via a local url scheme. In this case appname:// with any (*) following path

To test this you have to redirect to it. Chromium at this time does not understand or process app url schemes. So a 302 redirect from a trusted publicly available url is the best method for testing.

Note how the second intent-filter here is still inside the .MainActivity <activity>

Different categories and an additional <data> tag are used.

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.appname">

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> 
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

    <application
      android:name=".MainApplication"
      android:label="@string/app_name"
      android:icon="@mipmap/ic_launcher"
      android:allowBackup="false"
      android:theme="@style/AppTheme">
      <activity
        android:name=".MainActivity"
        android:label="@string/app_name"
        android:configChanges="keyboard|keyboardHidden|orientation|screenSize"
        android:windowSoftInputMode="adjustResize">
        <intent-filter>
            <action android:name="android.intent.action.MAIN" />
            <action android:name="android.intent.action.DOWNLOAD_COMPLETE"/>
            <category android:name="android.intent.category.LAUNCHER" />
        </intent-filter>
          <intent-filter android:label="@string/app_name">
              <action android:name="android.intent.action.VIEW" />
              <category android:name="android.intent.category.DEFAULT" />
              <category android:name="android.intent.category.BROWSABLE" />
              <data android:scheme="appname" android:host="*" />
          </intent-filter>
      </activity>
      <activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
    </application>

</manifest>

Pressure and pragmatism lead to more progress

There are reasons that tight deadlines and huge pressure often get results.

The first is that people get immediately more pragmatic about what the actual requirements are, and agree to do less. Less can be done more quickly, and completed items are less likely to be subjected to a full loop of subjective tinkering.

The second is that when faced with a deadline, and some pressure to achieve it, people focus on just the single most important task.

The single most important thing to do right now is abundantly clear in these high pressure situations.

Continue reading →

Supporting Manchester Metropolitan University

In 2007, when I was still pondering over what to do with the rest of my life, I was encouraged by family to become a resident of Manchester Metropolitan University’s business incubator.

At the time it was called Innospace and based near the coach station in the centre of the city centre. Although the space was pretty basic, the support was great, networking with other small exciting businesses was unavoidable and the rent was almost zero.

Fast forward ten years and after occasionally keeping in touch with the team who kept Innospace ticking over, I decided it was time to give something back for all the support I was given when first finding my feet in business.

So for a few years now I’ve been speaking to MMU business school students about my story and how I’ve managed to enjoy working for myself and running my own companies for so long. The first couple of years of talks I stuck to my own experiences and failings. In the last couple of years I’ve broadened my presentations to be about specific learnings or recommendations. Life skills and awareness. What a student’s expectations should be and what abilities they should nurture to support their own journey.

This year I’ve stepped my support up again. I’ve squeezed in two talks to students and also taken part in the yearly dragons’ den event.

My first talk was called “Doing Less”. As the title suggests it is about creating a successful business without burning yourself out. Retirement in its current form is unlikely to exist when these people reach retirement age, and a more balanced life, with flexibility, quality of life, and treating money as a tool rather than a target is required.

The second was on bootstrapping a business. Only a small percentage of new businesses are funded by banks and investors. This talk is about the opportunities, limitations, pitfalls and benefits of starting with nothing and building a business yourself.

The dragons’ den final was a pleasure to be a part of. Hosted at BManchester—a new banking concept from the group which includes Yorkshire Bank—on Market Street Manchester, it was a modern and relaxed feeling with various experienced and insightful judges at my side.

The 7 teams offered a range of business ideas. The quality of business strategy and presentation was high, and the judging was tough.

We finally agreed upon two highly commended businesses and a winner. We also commended three individuals on various aspects of their approach to the process.

I’ve enjoyed all aspects of the support I’ve been able to offer MMU in 2019. I see it as a personal responsibility to give back to those who’ve supported me, and to offer insight and knowledge which helps Manchester to continue to encourage small businesses to be founded and thrive.

I’m looking forward to supporting MMU again next year, and other institutions and organisations in the near future.

Security of WHM backups to an AWS S3 bucket

When you give your Web Hosting Manager (WHM) the ability to send a copy of your backup to Amazon’s AWS S3 service, you have to hand it a Key and Secret that give it that permission.

The worst option is to hand over a Secret and Key related to your own log in.

The best is to:

Create a policy which
- Only gives access to a single bucket
- Only allows the least access required for the task
- Only allows connections from trusted IP addresses
Create a Group to connect the policy to
Create a user (for the WHM) to connect to the group

For validation of connection to S3 WHM currently requires the ability to write objects, list all objects in a bucket, delete objects. Now for some this is frustratingly more than you want to hand over. In theory WHM could make do with just the ability to write to the bucket, but at the moment we have to make all those abilities available.

Luckily, the fact we’re also limiting by IP and then Secret and Key—which WHM encrypts when you submit them—should make it highly unlikely anybody else will be able to abuse the ability to delete objects.

Here is the example policy that I have in place. Feel free to copy, personalise and use:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "WHMBackupAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ],
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "YOUR_SERVER_IP/32"
                }
            }
        }    
    ]
}

If you’re in need of help putting this all together, let me know and I might expand this post to include how to do the setup inside WHM and the AWS console.