Setting Up an SSL Certificate With Certbot

Vince IarusciDevOps, LearningLeave a Comment

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as “the official Let’s Encrypt client” or “the Let’s Encrypt Python client.” Certbot will also work with any other CAs that support the ACME protocol.

Webserver

To enable HTTPS on your website, you’ll need to lookup what webserver and OS you’re running on your server.

To lookup the server version, run the following command:

root@server:~# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Install

To get the instructions on installing the HTTPS certificates, go to the Certbot site (https://certbot.eff.org/) and select the web server and OS for the required certificate.  In our case, we are using the Apache web server on the Debian OS.

Download Certbot

Run the following command on your server to download an up-to-date copy of the Cerbot software:

root@server:~# wget https://dl.eff.org/certbot-auto
root@server:~# chmod a+x certbot-auto

Auto Install of Certificate with Apache Configuration

Certbot has an Apache plugin and automates certificate installation. Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it.  Use this approach if you are doing a fresh install on a new server with one domain.

root@server:~# sudo ./path/to/certbot-auto --apache

Follow the instructions on the screen.  Enter the domain names for your site as follows:

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): 
www.yoursite.com, yoursite.com

Auto Install of Certificate Only (Manual Apache Configuration Needed)

Install the Certificate

Running this command will get a certificate for you but will not configure Apache. When using the certonly option, a manual configuration of Apache for each of the website domains is needed.   An example would be if you are installing new websites on a server that already has other websites with ssl certificates installed.

root@server:~# sudo ./path/to/certbot-auto --apache certonly

Follow the instructions on the screen.  Enter the info as follows when prompted for the domain names:

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): 
www.yoursite.com, yoursite.com
Configure Apache

Download a copy of the yoursite-ssl.conf file here and open it with a text editor.  Replace all instances of <yousite> with the name of your site domain.

The conf file for yoursite then needs to be added to the following locations:

etc/apache2/sites-available
etc/apache2/sites-enabled

Use the scp command or an ftp client like Filezilla to upload the conf file to the locations

Automating the Certificate Renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature.

Create a new folder for the cert renewal script.

root@server:~#: cd /srv 
root@server:~#: mkdir cert_renewal

Add the following code to a new file and save it as cert_renewal.sh.  Save it into the /srv/cert_renewal folder on the server.

#!/bin/bash
# Runs the renewal check for the Certbot Let's Encrypt ssl certs
cd /srv/cert_renewal
./certbot-auto renew 

Configure the Cron Task

root@server:~# crontab -e

Configure the file so that it looks like the following…

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
# run Certbot Renewal (Run daily at 2:00am)
*  2  *  *  *  /srv/cert_renewal/cert_renewal.sh

The cron entry image above shows that the schedule for the cert_renewal.sh runs each  day at 2:00am

Additional documentation – Configuring Cron Tasks

Let’s Encrypt Logs

You will find the log that shows the renewal events in the /var/log/letsencrypt location.  Here is a screenshot…

Backing Up and Restoring WordPress Sites – OVH

Vince IarusciDevOps, LearningLeave a Comment

Backing Up the OVH Website Server(s)

In our company, we host multiple WordPress sites on the same OVH VPS host.  This has it’s advantages however if the there are issues with our server we could have 3 sites down at the same time.  To avoid any downtime for our websites, we came up with this 2 tiered approach to backing up our WordPress sites on an OVH VPS server host.

The strategy includes creating a snapshot to save the latest installation of the OS, Apache2, Wordpress and the MySql database software.  Any other configurations are also be captured. e.g. ssl certificates

System configuration changes are not as frequent as the changes made in the website domains.  Website content and the associated database changes are done daily and these changes include updates to content, plugins, themes, uploads, database and other files. These domain changes are backed up weekly using the schedule in the UpDraftPlus Wordpress plugin.

Using the 2 tiered strategy will shorten the time it takes to restore a website or the entire system when there are server problems or malicious attacks.

VPS Snapshots

Snapshots are enabled for the VPS environments.  Currently, snapshots on each vps server need to be done manually. Reminders should be set-up for the admin to manually run the snapshot when needed.

The current strategy will be to create the snapshots before and after a software update or migration. In the event of a failed update, the server will be rolled back to the last restoration point of the snapshot. When the software update is successful, an additional new snapshot will be taken of the os/code version so that there’s a backup until the next update. Using this strategy allows you to do a “redo” if something goes wrong between updates.

Create a Snapshot

Only one snapshot can exist at a time. To create a new snapshot, you need to select the “Delete The Snapshot” option and delete the existing snapshot. You will then have the option to create a new snapshot of the server to capture the latest changes.

Restore a Snapshot

To restore the server to the last saved snapshot, you will select the “Restore the Snapshot” option from the user console.  Note that restoring a snapshot will overwrite any changes made since the last snapshot was taken.

Image of OVH Console

UpdraftPlus Backups

UpdraftPlus is a Wordpress plugin used to backup each website’s database and content. Backup into the cloud directly to Dropbox, Google Drive, Amazon S3 (or compatible), UpdraftVault, Rackspace Cloud, FTP, DreamObjects, Openstack Swift, and email. The paid version also backs up to Microsoft OneDrive, Microsoft Azure, Google Cloud Storage, Backblaze B2, SFTP, SCP, and WebDAV.

The following steps must be done for each installed Wordpress website.

Setting up The Backup

Scheduling the Backup

Select the Settings tab and set the files and database frequency.  In our case, we set the files backup schedule to weekly with a retention of 2 backups.  (goes back 2 weeks).  Change yourschedule to daily when content is updated more frequently

 

Set the remote backup location

Saving to Google Drive

Note that the save location must have the sufficient space to save the required backups.

Settings
Google Drive Folder: UpdraftPlus
Include in Files Backup: Select Plugins, Themes & Uploads.  Check - "Any other directories found inside wp-content"

Click Save Changes.  This will prompt you to select and sign into the Google Account.  Once you have authenticated to the Google account, the set-up is complete.


Restoring the Website Server(s)

Steps to restore are:

  1. Identify the issue for the failure.
  2. Restore the VPS Snapshot (If Needed)
  3. Restore the UpdraftPlus backup for the affects website domain(s).

Identify the Failure

It’s important to identify the root cause of the issue so that any failed software or hardware configurations are fixed properly or any malicious attacks are avoided by hardening the server to eliminate vulnerabilities.

If a migration or upgrade of the system has made the server unresponsive, it’s important to identify the components that have caused the failure so that the errors can be avoided on the reinstall.  If the server has been hacked, the hack method, (sql injection, security breach, password exploit etc,) must be identified and fixed. Failing to do this will only invite the same hack.

Restore the VPS Snapshot (If Needed)

Snapshots are enabled for the OVH VPS environments.  The current strategy involves creating the snapshots before and after a software update or migration. In the event of a the failed update, the server is rolled back to the last restoration point of the snapshot. If the software update is successful, an additional new snapshot will be taken of the os/code version so that there is a backup until the next update.  Using this strategy allows you to do a “redo” if something goes wrong between updates.

Restoration of the snapshot is not necessary when the restore is limited to the recovery of the website content only.

Restore a Snapshot

To restore the server to the last saved snapshot, you will select the “Restore the Snapshot” option from the user console.  Note that restoring a snapshot will overwrite any changes made since the last snapshot was taken.

Image of OVH Console

UpdraftPlus Backup Restore

UpdraftPlus is a Wordpress plugin used to backup each website’s database and content.

Follow these steps for each installed Wordpress website when restoring with the VPS Snapshot.  If you only need to restore the content for a specific domain, restore only the UpdraftPlus backup for that Wordpress domain.

Restoring The Website Backup

Select the Backup/Restore tab and select the Restore button for the backup that you want to restore.

Select the components that you want to restore.

Worst Case Scenario

If for some reason you’ve had a catastrophic failure on your server and your not able to restore from any of your backups, follow the instructions on how to Install Multiple WordPress Sites on a Single Host.

Install Multiple WordPress Sites on a Single Host

Vince IarusciDevOps, LearningLeave a Comment

Overview

WordPress (WordPress.org) is a free and open-source content management system (CMS) based on PHP and MySQL.  This article will walk you through the steps to host two or more separate WordPress instances on one VPS.  Note that this is different from setting up multisite.

In our company, we’ve successfully installed 3 sites on one VPS host.  We’re using an OVH VPS server at a cost of about $5 bucks CAD a month.  That works out to about $1.70 per site.  Based on the size and traffic to your sites, you may need to upgrade the size and storage of the VPS.

In our examples below, websites The Force (www.theforce.com domain) and The Dark Side (www.thedarkside.com domain) are installed. If you need to add more sites on the same server, just repeat all these steps for the additional server.  The steps for the installation are done from the command line but many of the steps can be done using an ftp client like Filezilla. Feel free to use an ftp client if it simplifies your install.

*Note that these websites are for demo purposes only and any reference to any existing websites or users is co-incidental. 

Our Server Environment

These instructions will work for most Linux type operating systems.

Operating System: Debian GNU/Linux 
Version: 8 (jessie) 
Hostname: server.example.com 
IP: 158.99.999.99 
VPS: vps12345.vps.ovh.ca 
Web Server: Apache2 
Database Server: MySql 5.5

Installation Steps

Download Wordpress and Extract the Package

Our first step will be to download the latest version of WordPress and unzip the package after download.

root@server:~# wget http://wordpress.org/latest.tar.gz
root@server:~# tar xzvf latest.tar.gz
Create Site Database and User

We’ll need to create a database with an assigned user for each of our sites using mysql commands.  Replace “password” with a unique secure password for each user.

mysql –u root -p 

CREATE DATABASE theforce;
CREATE USER luke@localhost; 
SET PASSWORD FOR luke@localhost= PASSWORD("password"); 
GRANT ALL PRIVILEGES ON theforce.* TO luke@localhost IDENTIFIED BY 'lukepassword';
FLUSH PRIVILEGES;
exit
CREATE DATABASE thedarkside;
CREATE USER vader@localhost;
SET PASSWORD FOR vader@localhost= PASSWORD("password");
GRANT ALL PRIVILEGES ON thedarkside.* TO vader@localhost IDENTIFIED BY 'vaderpassword';
FLUSH PRIVILEGES;
exit
Set-up Site Locations on server

The next steps create the server location in the www folder and copy the wordpress package to each of the server locations.

root@server:~# cd /var/www
root@server:~# mkdir theforce
root@server:~# mkdir thedarkside
root@server:~# cp ~/wordpress/wp-config-sample.php ~ /wordpress/wp-config.php
root@server:~# Rsync –avP ~/wordpress/ /var/www/theforce/
root@server:~# Rsync –avP ~/wordpress/ /var/www/thedarkside/
Set Ownership and Permissions

Set permissions to allow the www-data user to write to the website directory.

root@server:~# chown www-data:www-data * -R 

Configure wp-config.php

Each of the websites installs will need to connect to their respective databases. This is done by changing the settings in the wp-config.php config file for each site.

Run these commands to configure The Force website:

root@server:~# cd /var/www/theforce
root@server:~# sudo nano wp-config.php

Change the connection settings for the The Force website:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'theforce');
/** MySQL database username */
define('DB_USER', 'luke');
/** MySQL database password */
define('DB_PASSWORD', '<password here>');

Set the Table Prefix for theforce database.  Using fo_ that represents theforce for the table prefix. (Optional)

/**
* WordPress Database Table prefix. 
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = 'fo_';

 

Run these commands to configure The Darkside website …

root@server:~# cd /var/www/thedarkside
root@server:~# sudo nano wp-config.php

Modify the connection settings for the The Darkside website …

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'thedarkside');
/** MySQL database username */
define('DB_USER', 'vader');
/** MySQL database password */
define('DB_PASSWORD', '<password here>');

Set the Table Prefix for thedarkside database.  Using ds_ that represents thedarkside for the table prefix. (Optional)

/**
* WordPress Database Table prefix. 
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = 'ds_';
Configure Apache Virtualhost

Copy the conf file for each new site.  The existing sample 000-default.conf template file is used for the copy.  Note that the name for the sample conf file may be different depending on your install.

root@server:~# cd /etc/apache2/sites-available
root@server:~# cp 000-default.conf theforce.conf
root@server:~# cp 000-default.conf thedarkside.conf

Make Changes to the theforce.conf Virtual Host

root@server:~# sudo nano theforce.conf

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/theforce
  ServerName theforce.com
  ServerAlias theforce.com
  Redirect permanent /phpmyadmin https://vps12345.vps.ovh.ca/phpmyadmin
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory /var/www/theforce>
    Options FollowSymLinks
    AllowOverride All
  </Directory>
  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  </Directory>
 
  ErrorLog ${APACHE_LOG_DIR}/error.log
 
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
 
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost> 

Make Changes to the thedarkside.conf Virtual Host

root@server:~# sudo nano thedarkside.conf

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/thedarkside
  ServerName thedarkside.com
  ServerAlias www.thedarkside.com
  Redirect permanent /phpmyadmin https://vps12345.vps.ovh.ca/phpmyadmin
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory /var/www/thedarkside>
    Options FollowSymLinks
    AllowOverride All
  </Directory>
  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  </Directory>
 
  ErrorLog ${APACHE_LOG_DIR}/error.log
 
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
 
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost> 
Enable The Virtual Hosts Files
root@server:~# a2ensite theforce
root@server:~# a2ensite thedarkside
Configure the Hosts file

root@server:~# sudo nano /etc/hosts

Add the following lines to the bottom of the file:

158.99.999.99    www.theforce.com 
158.99.999.99    www.thedarkside.com
Reload Apache

root@server:~# service apache2 reload

Log into each new WordPress site to complete the website set-up

Open the url for each site in a browser.

www.theforce.com
www.thedarkside.com

You will be forwarded to the WordPress admin site for each domain and prompted to complete the WordPress set-up

Set-Up HTTPS on Your Websites

Setting Up an SSL Certificate with Certbot

Microsoft Excel Rules The World

Steven NgDaily Debug BlogLeave a Comment

Having Excel skills is like winning the jackpot in the lottery. When other people find out what you’ve got, they come out of the woodwork and ask for your help. Ira Iosebasshvili’s article on Excel skills is a pretty funny take (to me at least) on the reality of people knowing that you have a skill they don’t have, whether it be Excel, or how to set up a wifi network.

If you’re one of those people who has built up a base of useful technical knowledge, that first paragraph of the article pretty much sums things up:

“People would come up to me and say, ‘Hey, I hear you’re the Excel guy,’ ” said the 37-year-old metrics consultant from Oak Brook, Ill. Mr. Kalelkar said he has become “a little more passive-aggressive,” warning help-seekers, “Don’t come to me, go to Google first.”

Which, of course, reminds me of one of my favorite XKCD comics of all time:

Now having said all of that, let me go on the record as saying that in my books, Excel is one of the most important and useful applications that has ever been made. I spent a year or so at a client writing Excel VBA scripts to make it do some absolutely crazy stuff, and it was a blast. With the right skills, you can do anything with Excel, including making beautiful art or even a game.

Even now, I see vanilla Excel (vanilla as in no add-ins, macros or scripts) as the ideal business intelligence analysis tool. And admittedly, that was part of my motivation for writing Knodeo Extrata.

I’ve seen a lot of people use Excel in all types of organizations, and there was generally one common thread. All the advanced Excel reporting and analysis was done with linked worksheets that were exported from some black box enterprise system. There’s no argument that it’s not the most efficient way of doing things, but there’s also no argument that it’s a very effective way of doing things, especially when you consider the fact that a lot of people know Excel and can usually find a way to coax Excel into doing what they want it to.

Just because there are better tools than Excel for doing something doesn’t mean people want to change their habits to accomplish that goal. Learning a new tool takes time (and money), and people are already busy with their everyday work. A lot of people just don’t want to get out of their comfort zone, and that’s just fine.

If I had my way, more companies would find ways of making solutions that line up with the existing skills and habits of their users. And when it comes to reporting and analysis, that means fitting in with how people use Microsoft Excel. As it relates to Knodeo Extrata, I just wanted people to be able to get their non-Excel data into an Excel file so they can create reports on them by simply linking the worksheets.

Have we accomplished that? I don’t know for sure, but how about you download the free demo, and let us know what you think?

My Big List of My Favorite Tools For Windows (mostly)

Steven NgDaily Debug BlogLeave a Comment

Overview

I was planning to write a post about how I work, but I realized in the end it was mostly going to be a list of tools, services, and hardware. As I started compiling my list, I realized that it’s a pretty large one.

Most of my list is Windows-centric, but there may be some nuggets for other people, including people who are switching from Mac. Keep in mind that your mileage will vary. Just because I like a tool doesn’t mean you’ll instantly like it too.

Standing On The Shoulders of Giants

Before I get into the big list, I do have to give credit where credit is due. I didn’t come up with this list in a vacuum.

When I switched from Mac to Windows (again) in 2014, Scott Hanselman’s Ultimate Developer and Power Users Tool List for Windows was absolutely indispensable to me. And while Hanselman’s list hasn’t been updated since 2014, it is still just as relevant and useful today.

Hanselman’s list served as the foundation of the suite of software and services that I use myself to stay productive. Be sure to check out Hanselman’s list, as you may find something very useful absent from my list.

Having said that, I use a lot of stuff not on Hanselman’s list, so I’ve decided to present my very own list here.

The List

Nobody paid for placement on my list, and the items I think are worth paying for are items I bought myself.

Instead of doing new posts for new tools, I’ll try to continuously update this list, so check it for updates every now and then.

Without further ado, here’s the list. By the way, the categories are in no particular order. I hope there’s a good discovery in there for you.

The First Thing I Do On Every New Machine

The absolute first thing that I do on every new machine is go to Ninite, pick the apps I want, and do a single bulk install. The great thing about Ninite is that you get a single installation file and it will install all your chosen software without any interruptions. It is such a huge time saver, and I think every Windows user should be using it when they get a new computer or reinstall the operating system.

Essential System Tweaks, or Stuff That I Wish Was Built Into Windows

EarTrumpet is a utility that lets you set audio volume by application. Not all apps play back audio at the same level (TuneIn Radio, I’m looking at you), so you can dial back the volume of some apps without missing the sounds from others.

Classic Explorer/Shell is most popular for letting you get the old Windows Start menu from yesteryear. I don’t really use the start menu (I got into the habit of using Spotlight on the Mac, so I prefer to hit the start button and type the first couple of letters of the app I want to launch), but I think the File Explorer in Windows XP is the best version ever. Classic Explorer lets you make the File Explorer in Windows 10 look and behave like the one in XP.

Speaking of Spotlight, I like to launch apps via the keyboard. The Windows key works for simple cases, but fails when you have multiple applications with similar names or misspell an item. Also, some of Windows’ guesses while it autocompletes can be incredibly inane. There are some alternatives you can consider like Launchy, Wox, and Listary. I’ve tried a few of them (and even bought Listary Pro). They are quite powerful, but I always go back to the Windows key in spite of its failings because it’s a dedicated key on the keyboard that I have muscle memory for.

While I never really used it on Mac, the one thing I hear Mac users groaning about when confronted with the idea of switching to Windows is their crack-like dependency on Quick Look. Well, help is here. QuickLook duplicates that functionality on Windows. I have to admit, it is handy for previewing PDF files in a pinch.

Whether you have a bunch of giant monitors or a tiny laptop monitor, the one display management app I cannot live without is DisplayFusion. It’s not free or necessarily cheap, but it does get heavily discounted at Steam periodically. Steam, by the way, is the best place to buy this software as it lets you install it on any machine you have (with Steam installed) and get free upgrades. Trust me, it’s money well spent.

AutoHotkey is a great tool for power users. At its simplest, it’s a great tool for text expansion, at it’s most powerful, it can be scripted to perform automated tasks on your system. There is one potentially big gotcha. AutoHotkey has been known to be detected as a false positive for malicious software by Chrome and Windows Defender. This is because it’s doing some low level stuff for its functionality. To be on the safe side, I recommend that you check the binary at VirusTotal to be sure that the version you downloaded is safe to install on your machine.

If you jump to a lot of different folders on your machine like I do, you’ll probably find DirectFolders to be indispensable. It’s freemium software, so you don’t have to pay unless you want the added features, but I found it very worthwhile to get the added features. The great thing about DirectFolders is that it works in the File Explorer and in File dialogs as well.

Sets are coming to Windows in the future, but at the time of writing, they’re still months away. Sets basically lets you group some related applications into a single tabbed window. How is this even useful? Let’s say you work on multiple projects on any given day, and each of those projects includes a text editor, browser window and terminal window. You can have a tabbed set for each of your projects so you don’t have to jump around and figure out which window to jump to. This is particularly useful if you’re working with limited screen real estate, such as on a laptop. I use an app called Groupy to get the Sets feature now. It’s not free (but it’s inexpensive), but you can download a trial to see if it works for you. I like this app a lot.

Ever wish you could force your screen(s) to sleep? Well, ScreenOff is a nifty app that lets you do that. To trigger it, I use a hotkey to launch the application. How this isn’t a built-in feature of Windows is beyond me. Speaking of hotkeys, it’s worth mentioning that I use a SteelSeries Apex gaming keyboard as my work keyboard. It adds 22 additional keys that you can customize to perform whatever actions you want. It is an incredible productivity booster.

Windows laptops can be funny. Depending on your laptop vendor, they may not always place the keys where you want them, and there may or may not be caps or num lock indicators. My Asus Zenbook only has an End key when the NumLock is off. That is just damned stupid. Sharpkeys is an indispensable tool for remapping keys. It can’t remap all keys, but it can do most of them. My Zenbook also has an LED for the Caps Lock, but not for the Num Lock (come on, Asus). For that, I use an app called Keyboard Indicator, which adds an icon to your taskbar.

Screen grabbing is an underrated task, and if the out-of-the-box Alt-PrtScn ain’t doing it for you, then you need something a little more powerful. I’ve been using Greenshot for quite some time. The thing I like about it is that it has its own editor, which is great for people who miss Skitch. If you don’t like Greenshot, I have heard a lot of good things about ShareX and Snipaste too, so you might want to check those out.

Screen recording should be a first class feature in any operating system. Camtasia used to be the app to get, but it’s pricey. There is a built in recorder in Windows 10 in the Xbox app, but I prefer OBS Studio. It’s got a dense user interface, but it’s powerful as heck. If you’re looking to record your screen and save as an animated GIF, ScreenToGif is worth checking out.

Stuff I Use Throughout My Working Day

Chrome is easily my most heavily used application on a computer. Yes, it’s a resource hog and it’s probably sending all my browsing info to Google, but I use it nonetheless.

Atom is probably the second most heavily used application on my computer, as I spend most of my time looking at or editing code. It wasn’t always Atom- my go to editor until very recently was Sublime Text, which I still use as my secondary text editor. If you’re wondering why I switched, you can read about it a previous blog post.

When I switched back to Windows, I had become very accustomed to using Terminal on Mac. I never had fond memories of the Windows Command (aka DOS) prompt. Thanks to Scott Hanselman’s list, I found Cmder.  For the most part, Cmder made my transition seamless. There are other alternatives, including ConEmu, which Cmder is built on, but I’ve been happy with Cmder and found no need to switch. Unlike the old days, there’s no need to install Putty or Cygwin.

If you care about your password security, you’ve got to have a password manager. I’ve been using 1Password since its first days on the Mac, and I’ve moved from the paid app to their paid subscription. It’s not perfect, but I rely on it heavily for managing my passwords and other private information. If you’re not willing or interested in pay for 1Password, there are free alternatives like Keepass.

For work based communications, we primarily use Slack. We outgrew the free edition and now have a paid subscription, but it is a great tool. We also continue to use Skype and Skype for Business, but we find the channels in Slack help reduce a lot of the noise. It has definitely reduced the amount of junk emails we send to each other throughout the day. Microsoft does have a Slack knockoff, but if you’re already using a tool, inertia often makes it hard to switch.

Office 365 is not cheap, but it’s cheaper than running your own Exchange server and buying the latest upgrades for the Office software. While I get that there are cheaper options like Google’s GSuite or LibreOffice, there is something to be said about interoperability. Every app that is supposedly compatible with Office never seems to render perfectly when the file is opened in Office. And while I hate the 365 web interface and that damned Ribbon, I still consider Word, Excel, PowerPoint and Access to be among the most powerful tools in my toolbox.

PDF Handling

PDFs are ubiquitous, but nobody wants to pay for Adobe Acrobat. For reading PDFs, I really like Sumatra PDF. For creating PDFs, I use PDFCreator (freemium). Finally, for manipulations like merging and splitting, I like PDFSAM (also freemium).

Note Taking

I used to be hard core Evernote user right back into its early days, but since they changed their license model, I stopped using it. These days, for work related stuff, I use OneNote from our Office 365 subscription, whose interface I have love/hate relationship with, and for personal stuff, I use a folder full of Markdown files in Dropbox, which seems to be working well. On Windows, I use Sublime Text to manage my notes files.

Editors

Text/Code

As mentioned earlier, Atom and Sublime Text are my go-to text editors. I would add that Notepad++ is also quite good. I used to be a heavy Notepad++ user in the Windows XP days, but I rarely use it today.

Design

My preferred PhotoShop alternative is Affinity Photo. It is reasonably priced compared to PhotoShop and its user interface is top notch. I still occasionally use the free Paint.NET to edit raster images though.

My preferred Illustrator alternative is Affinity Designer. Like its sibling, it’s also got a great user interface and is reasonably priced. Affinity Designer was the first app on Mac or Windows that I found that didn’t mangle any Illustrator file of significant complexity. If you are looking for a free vector editor, Inkscape is a serviceable alternative.

My preferred Lightroom alternative is DxO Photolab. I also purchased DxO Viewpoint and DxO FilmPack. For me, the main appeal of PhotoLab are its lens corrections and its noise reduction algorithms. Their automatic adjustments are also pretty good.

If you write documentation or run a web site, one of the most annoying repetitive tasks to do is image resizing. Image Resizer for Windows lets you do it by right clicking an image in File Explorer.

If you need to edit or create a font, TypeTool is an okay tool for that. I bought the app, but I find the licensing model to be a little user hostile and stuck in the 1990s. BirdFont looks like a decent free alternative, but I have not had time to try it out yet. If you like creating handwriting fonts, you might want to check out Microsoft Font Maker.

If you need to create or edit icons, Greenfish Icon Editor is a good free option.

Audio and Video

When I want to listen to my music library while working, I use Musicbee.

For video playback, I like Pot Player.

If I need to recompress video, Handbrake does the job.

Need to grab a video off of Youtube or another site? 4K Video Downloader works pretty well for that.

For creating and editing audio files, Audacity is basically it for me.

For creating and editing video files, the answer is a little trickier. If you can still manage to find Windows Movie Maker, it’s great for quick and dirty edits. There is no good low cost equivalent to Apple’s iMovie on Windows. I’ve bought and tried several apps, including those from Cyberlink and Corel (Corel is where good apps go to die), and have had middling results. Premiere Elements is an option, but then you’ve got to deal with Adobe’s customer unfriendly activation schemes, which I am not willing to do. So unfortunately, I don’t have a fantastic video editing pick for you right now.

Communications Tools

If you don’t like to be distracted by your phone when receiving instant messages, YakYak (for Google Hangouts), Whatsapp for desktop and Android Messages for the Web are very handy.

For standalone mail clients, Easymail for Gmail and Postbox are pretty good.

Development

Most of the work I do is in Node, Ruby and SQL, so this list may be less useful for you depending on the type of development that you do. As mentioned earlier, Atom and Cmder are important parts of my development toolbox, but there are other important tools that I use.

Github (for public repos) and Bitbucket (for private repos) are our go-to tools for source control. If you want to self-host, you can also install Gitea or Gogs on a local or cloud server. If you prefer to use a gui for Git, SourceTree is a pretty good one.

Because Cmder satisfies my terminal requirements so well, I still haven’t had a chance to try the Windows Subsystem for Linux. I do think that it is a very appealing feature for Mac expats though.

If you’re setting up a web server with SSL, I think it’s a no-brainer these days to use Let’s Encrypt with Certbot.

Testing Stripe webhooks can be the bane of my existence. I really wish Stripe would offer better tools for local development. Having said that, ngrok is a wonderful tool for letting you receive webhooks on a developer machine behind a firewall. It’s a freemium service, and the prices are more than reasonable.

For testing REST APIs, Postman is very handy. Tooting our own horn, I also use Knodeo Extrata for testing APIs. Part of my rationale for building Extrata was to get API data from Stripe because I found their admin interface so frustrating to use when troubleshooting.

While Atom provides me with diff comparison tools within my text editor, Winmerge is a great standalone tool for diff analysis.

For virtualization, I use VMWare Workstation Player when I need to run a guest operating system that has a GUI. For Linux servers, I usually use Virtualbox, sometimes with Vagrant. I’ve heard that hardcore vagrant users have issues on Windows, but that has not been my experience.

For bug tracking, I like Manuscript (formerly known as Fogbugz). They used to have a free startup account for up to two users, but I’m not sure if they still do.

Documentation

If you need to document a lot of screens quickly, the Steps Recorder in Windows (built in to all recent versions) is a great time saver. It’s not without a catch though, it saves the recording in an MHT file in a ZIP file. To get your screenshots out of the MHT file, I suggest you use extractMHT, which is free.

Databases

If you have to query any relational databases, DBVisualizer is pretty good. You can use it free, although there are limitations on some features. I use an add-on in Atom these days, so my dependency on DBVisualizer isn’t what it used to be. Some other querying tools worth checking out are Query Express and Linqpad.

If you need to store data easily without a server, Microsoft Access is still great for that. If you don’t have an Office 365 subscription that offers it, LibreOffice has a similar tool, although the user interface is mediocre at best.

In terms of servers, you can’t go wrong with Postgresql, MySQL or SQL Server Express. My first choice for a long time has been Postgresql.

Need to pull or move data? Pentaho, Scriptella and SQLines are pretty good for that. Shameless promo- when I need to export relational data to Excel, I also use Knodeo Extrata for that too.

Backup and Storage

I use Dropbox, Google Drive and Office 365 to store files in the cloud. If I’m being honest, however, I can’t stand Office 365’s OneDrive for business. I only use it because I have to.

If you’re looking to host your own Dropbox type of service, OwnCloud is pretty good. A lot of NASes that can run apps support it. I use it to sync photos across my various computers.

If you’re looking to store backups in the cloud, Backblaze is a pretty good option. If you’re looking for flexibility in how you store your backups, Backblaze B2 might be an even better option.

For backup software itself, I rely heavily on Windows File History, which is kinda like Time Machine on the Mac, and Duplicati. Duplicati, by the way, also supports writing to Backblaze B2 as well.

For drive imaging, I use Acronis. It’s not free or cheap, but you don’t appreciate the value of it until you really need it. The one downside is that the Windows software likes to upsell you newer versions, which is annoying for something you paid for. Another good imaging tool is Macrium Reflect, which has a pretty useful free version.

In terms of offline storage, I use a BluRay burner and burn with Cyberlink Power2Go. I’m not a huge fan of Power2Go, but it came with my burner and it works.

Antivirus and Security

For me, Windows Defender is the only active antivirus I have on my machine. When I’m feeling very paranoid, I check my files at VirusTotal, which will analyze them with several antivirus applications.

If I’m using public wifi and want some protection, I use a VPN. For that, I like Private Internet Access.

Diagnostic Utilities

When I’m troubleshooting more complicated problems, my two go to applications are Process Explorer and Process Monitor.

Network Utilities

If you’re trying to map out wifi signal strength at your home or office, Netspot is pretty good for that. Another one worth considering is WiFi Survey, which is available from the Windows store. I found WiFi Survey to be a little easier to use when mapping the signal strength of my access points at my house, but the app is not free.

If you are wondering who’s lurking on your network, Nmap for Windows is a good utility for that.

If you need to test your Internet speed, fast.com is a nice clean way to do that. If you want to know information about your IP and location, Private Internet Access’s What’s My IP Address page is a good tool.

Need to test some DNS entries? Are checking if a DNS text value has propagated so you can get your Let’s Encrypt certificate working? MXToolbox is a great tool for that.

Disk Utilities

If your disk is cramped for space and you want to know what’s eating it all up, Windirstat is a great way to visualize it. While Windirstat is one of the OGs for space analysis on Windows, here are some newer alternatives like Space Sniffer and Wiztree that are worth checking out too.

Need to fix your partitions and Windows Disk Management isn’t being too helpful? MiniTool Partition Wizard has a free version that will work in a pinch.

Want to replace spaces with underscores in a thousand files? Want to add a prefix to them too? Advanced Renamer is a great batch renaming utility.

Newer versions of Windows don’t let you format in FAT32 any more. FAT32 Formatter for Windows lets you format FAT32 disks when exFAT is going to give you compatibility problems.

Need to write a raw disk image (like a Raspberry Pi distribution) to an SD card? Win32DiskImager is probably the tool you need.

Need to make a bootable USB key from a Linux ISO? Rufus is great for that.

File locked? Ok this problem is a little complex, and not always solvable, but FileAssassin can help some of the times. If that doesn’t work, you might have to chase the problem down with ProcessExplorer or reboot.

Other Utilities

Got a Windows Home machine that you want to remote control? Windows Home doesn’t offer Remote Desktop out of the box, so TightVNC is a great substitute for that.

For compression, 7zip is my favorite tool. Not much more to say than that.

If you’ve got multiple computers (regardless of operating system) on your desk and you want to use one keyboard and mouse to control them all, Synergy is great for that.

While I don’t use a GUI for file transfers very often, Cyberduck is the tool when I need to.

If you need to get a Linux distribution via BitTorrent, qBittorrent is a good client for that.

Want to use a gamepad or joystick as an input device? I know this seems counterintuitive, but a gamepad can be a great device for bulk operations that would otherwise require a lot of repetitive keystrokes. For example, I’ve used a gamepad to to rate thousands of photos. Joy2Key and AntiMicro are great tools that can map your gamepad inputs into keystrokes.

Browsers, Extensions and Web Sites

Chrome is my go-to browser, but sometimes you still need to use Firefox, Edge or Internet Explorer if you’ve got older devices that have Java user interfaces, etc.

I like Chrome for a number of reasons, but one of the big ones is the extension ecosystem. A few that I like are:

  • UMatrix, which lets you limit what a site can run in your browser (also available on Firefox)
  • Copy As Markdown, which lets you copy a link in one or more tabs as Markdown
  • Screencastify (freemium), which lets you record activity in a web site. The one thing I like about Screencastify over a general screen recorder is that it records the browser viewport without any of the browser chrome and you don’t have to worry about resetting a recording area if you move the window.
  • Incognito Filter, which forces specific sites to open up in a new incognito window.
  • Pinterest, which I use for clipping images I might want to refer to later

Some sites and services I use all the time:

  • Bing, Google and DuckDuckGo for searches. Google used to be my only search destination, but these days, there’s so much garbage that trickles up to the top of search results that I need to use more than one
  • Assign It To Me (self promotion alert!) for managing projects
  • Hacker News is how I keep up to date with technology
  • Passmark for CPU and GPU benchmarks.
  • ImgFlip for sending sassy self-generated memes
  • Feedly for aggregating all my RSS feeds
  • Reddit for specialized technical subject area discussions… and cute dog photos

Odds and Ends

Here are a few things that I use that aren’t so easily categorized.

If you are trying to create a complex hierarchical document, Treesheets is pretty fantastic.

Are you a Canadian corporation and do your own taxes? Futuretax is pretty good and one of the lowest cost options.

For cloud VPS server hosting, we like to use OVH because they have a data center in Canada and their prices are pretty good.

If you are setting up non-proprietary IP security cams and want a decent and free NVR, Zoneminder is pretty good. The UI is a little dense, but the motion detection zones are better than many of the other options. It only runs on Linux though.