Because some posts just refuse to be placed into a bucket
Registrations for Seattle Code Camp 2018 are open. If you come on September 15th you can hear me speak about cryptography failures. All intention is for this to be a lightweight and funny talk but let’s see how funny crosses the language barrier. :)
If you attend, feel free to say hi, whether you attend my talk or not. :)
Once you get Let’s Encrypt certificate setup, there are two more things needed. First one is setting up renewal as our certificates don’t last more than 90 days. The second one is often overlooked - actually monitoring how long before certificate expires. If anything prevents your certificate renewing, you definitely want to know it.
My approach to this problem is introducing an extra step in my daily e-mail report (I will assume here you have one setup already). This bash code will connect to a server, enumerate all certificates within /etc/letsencrypt/ directory, extract their name, and give an extra warning if certificate is expiring in less than 15 days.
Without the further ado, here is the code excerpt:
NOW=`date +%s`
PEMS=`ssh ^^myuser^^@^^myserver.example.com^^ find /etc/letsencrypt/ -name "cert.pem" -print`
for PEM in $PEMS
do
NAME=`echo $PEM | rev | cut -d'/' -f2 | rev`
EXPIRY_RAW=`ssh ^^myuser^^@^^myserver.example.com^^ openssl x509 -enddate -noout -in "$PEM" | cut -d= -f 2`
EXPIRY=`date -jf "%b %d %T %Y %Z" "$EXPIRY_RAW" "+%s"`
REMAINING=$(( EXPIRY - NOW ))
REMAINING_DAYS=$(( REMAINING / 86400 ))
if (( REMAINING_DAYS >= 15 ))
then
echo "• $NAME expires in $REMAINING_DAYS days"
else
if (( REMAINING_DAYS < 0 ))
then
echo "‼ $NAME expiry cannot be determined"
else
echo "‼ $NAME expires in $REMAINING_DAYS days"
fi
fi
done
If you are curious about C++ and the news it brings (yes, development is still much alive) you are in luck. Written by Marc Grégoire and dealing with the 17th edition of C++, you are sure to find something interesting.
This C++ release includes a filesystem API, template argument deduction for constructors, optional values, the variant type, the any type, parallel algorithms, string conversion primitives, nested namespaces, and more. Considering the wide net this edition has casted, you are sure to find something useful for your development.
While C++ is not the easiest language to learn or perfect I found that a lot of examples is extremely helpful to make this medicine go down. And this book does deliver as examples are available for both Windows and Linux. Even better, you can check examples without downloading book. A bit cheeky but excellent way to determine how interested in the book you might be.
Book is published by Wiley/Wrox and available at Amazon.
As we approach yet another biyearly daylight savings time change, there came a news about politicians actually doing something smart for a change. European Parliament voted to keep the same UTC offset the whole year round. If this decision is followed through, gone are the days of hunt for every clock to update it an hour back or forward before the next change comes.
And yes, of course it is not as simple as turning the daylight change off. First it needs to get to the European Commission that traditionally likes to avoid implementing anything. Then all member states need to agree when to do it. Then decision needs to be postponed multiple times. Then everybody will try to implement the decision at the very last moment. You know, the usual.
However, for the first time in forever there is some hope. I can already see myself talking to my grandchildren about the dark times when people all around the world changed their time by hour (or less - damn you Lord Howe Island), for reasons long forgotten, and at the time every country decided upon themselves.
Grandchildren will probably just say that grandpa is crazy and that this could have never been. And then they will go out to play in the UTC world…
It has been a very scary start of the year. We’re only a few days in and world is already falling apart. If you aren’t scared already, it is enough to see a demonstration for Meltdown and Spectre exploits to feel very uncomfortable.
I won’t go into the details as this dreadful exploit family already has a web page with all the information one could desire to know. If that’s not enough, probably every major news outlet has an article or two about it.
In the midst of all this ruckus and panic unfortunately, for most of us, there is nothing to do. Due to the nature of these faults, fix has to be either done in hardware (albeit with some mitigations via microcode update) or in OS kernel of your choice. There is simply nothing application developer can realistically do but wait. Once “big boys” have done their work, there will be a flurry of activity if you need to do some performance testing and that’s it. Explicit regression testing will not be needed as you have it automated to run over night anyhow (wink-wink) and the risk of user code breakage is quite low.
If you are dealing with OS maintenance, you will have a bit more work to do. While some patches are already out, more are still expected, and I trust Murphy will ensure that at least some patches will receive patches of their own. If you are dealing with a cloud environment you will have your work multiplied by a factor but that comes with a saving grace of easily automating stuff across many machines. It will be busy but surmountable.
Those of us who also deal with hardware, I pity. Updating firmware is annoying even when there is no pressure. Generally machine has to go down to even think about it. Then you will try to automate it only to find out that 50% of your blades simply didn’t “take” the update and vendor coolly advises that “it sometime happens” and that you should proceed with manual installation.
And, of course, these servers haven’t had their firmware updated for a while and microcode you want to get will come with bunch of other firmware fixes and changes you don’t want to deal with right now. Tough luck - microcode will not be “backported” to your current version. Just hope it doesn’t change some obscure default causing issue when machine is finally booted up or that you will need to update your pristine 1.0 to some other version before you can even think about getting the latest.
And please don’t think about going home because you’ll see BIOS with microcode update ready in the next few days for your home computer too. For example, my Dell has it for a couple of days now. So you will go updating all personal computers only to discover your wife’s laptop doesn’t boot anymore…
May you live in interesting times, indeed.
First day of 2018 is perfect time to look upon the previous year.
After changing domain last year, I decided to move hosting too. While I left my domains with DreamHost and Plus, I moved my hosting to Linode. Performance-wise, its even smallest package is equivalent to shared hosting and it offers much higher flexibility.
In any case, my decision was topic of quite a few posts and probably will see a few more in 2018. Speaking of posts, year 2017 saw 83 of them. That’s an average of one post every 4-5 days. Right in the ballpark of the last year’s resolution.
Majority of posts was Linux related - whether it’s Linode or Mikrotik. I essentially went over all things I needed to setup my home network, my home NAS, my NTP server, and my web site.
Second most-used category was programming, followed by general updates, and lastly just a single post about electronics. I guess after having it be top category for 2016, I grew a bit tired. But no worries, I have a few electronics projects planned for this year.
Traffic-wise, there was a slight growth as compared to the last year. For Nth year in row, this is driven mostly by VHD Attach, followed closely by OpenVPN and SSTP setup for Mikrotik. My password manager Bimil also saw quite an uptick in downloads.
In regards to the reader’s browser selection, Chrome is still firmly in the first place with just below 60%, Firefox is distant second at 20%, and Internet Explorer has dipped below 10% but still in the third place. In forth place Safari slightly dropped to 5% with Edge still at 3% and going nowhere from the fifth.
Traffic coming from small browsers has increased with almost 5% belonging to either ancient (yes, Opera is here again) or browsers I’ve never heard of (e.g., YaBrowser). I wouldn’t be surprised to see one of them kick Edge off the top 5 list next year.
When it comes to traffic sources, USA is still firmly first with 20% of visitors. Second is still Germany, albeit at slightly lower 7%. Third place belongs to Great Britain and Russia, both at 4%. France, India, Italy, and newcomer Poland follow at 3%. My home country of Croatia is 19th at 1.24%.
This year also saw record 213 countries in the list of visitors. Of all single visit countries, my points go to St. Barthélemy. I am a sucker for names outside of ASCII.
That’s all for the year 2017, all the best in 2018!
Back in 2011 I finally got fed up with Firefox. It was slow, crashing every few moments, and often it would hang. Suffice to say, I was not a happy camper. I tried Chrome, fell in love, and haven’t looked back.
Fast forward to 2017. Up to a few days ago I had a déjà vu feeling. Chrome was getting slow, it crashed daily, and it would hang often - especially on YouTube. The only difference being was difficulty of killing Chrome as it consists of multiple processes and some of them cannot be easily killed.
I did entertain idea of Edge for a day just to find it is still a piece of crap, less capable than even Internet Explorer, and incapable of properly handling shortcut toolbar editing. I also though of Safari for a moment but decided against it purely based on dislike of version I installed three years ago.
At the end I gave Firefox a try and now, month later, I am still using it.
Move itself was uneventful and definitively not a big jump. Interface is similar enough to Chrome to a point I mostly don’t even notice I switched - the only minor annoyance is having all downloaded files under menu. It is a bit lower on memory but not much. Not sure it is faster. Bookmark sync works flawlessly.
But the biggest benefit is that it is rock solid. It is essentially what Chrome was for me a year ago. Shows web pages and doesn’t get in the way. Knowing history, I won’t stay with Firefox forever. But I’ll enjoy it for now in hope Chrome will fix their code before Firefox spoils theirs.
When you install Linux Mint, you cannot simply have only root user. Nope - you cannot even login as root. Annoying as it is, there are valid security reasons for this restriction. However, sometime you just need temporary installation with root user, and all security be damned. For those times, here is the guide how to enable root user on Mint 18.2 (Sonya).
Assuming you went through the standard installation and are logged in as standard user, the first step is to assign password to the root:
sudo passwd root
[sudo] password for test:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfullyNext you need profile file. The easiest approach is to steal it from the current user:
sudo cp $HOME/.profile /root/.profileLastly, enable user name prompt and reboot:
echo "[SeatDefaults]" | sudo tee /etc/lightdm/lightdm.conf
echo "greeter-show-manual-login=true" | sudo tee -a /etc/lightdm/lightdm.conf
sudo rebootAfter the system starts again, there will be login entry and we can use our root credentials to get in.
Of course, we can bring this madness even further. Now that we are using root, we can delete our non-priviledged user:
userdel ^^user^^
rm -R /home/^^user^^Further more, for real crazies :), we can automatically boot into root:
echo "autologin-user=root" >> /etc/lightdm/lightdm.confUnfortunately, this all doesn’t come without the cost - and not only in security. At this time there is a bug in Caja preventing desktop icon to be shown. As far as I can tell, these are the only usability consequences of the trip to the wild side.
My beloved Casio Edifice has been on my wrist for years. And due to “gentleness” on my part, its mineral glass got scratched to the point of impacting readability. It was time for either a new watch or change of the glass. Guess which one I have chosen?
First task was the hardest - I had to find appropriately-sized replacement glass. Diameter was easy as you can measure it with calipers. Thickness was a bit more difficult. Someone doing it properly would disassemble the watch, remove crystal, and measure it. I just eyeballed it and decided that beveled 2.5 mm should fit just fine. And bevel did save me as its “unbeveled” height of 1.6 mm fits nicely in place of Casio’s 2 mm flat mineral glass.
For the new glass, I didn’t just want anything. I wanted to have sapphire as to minimize scratching in the future. And on that front I had choice between generic sapphire glass or a bit fancier AR coated ones. I went with blue AR coating as I felt it would bring a bit of pizzazz.
Once I received my glass, I was ready to begin with process. Instructions for it, of course, I found on YouTube. Disassembly went according to plan as soon as I took the bracelet off to ease handling. I used case opener to get the back off and then spent 10 minutes searching for a small hole to release the crown. With crown out the watch mechanism itself was trivial to remove.
All this was done while wearing finger cots (I find them much more comfortable than full gloves) and with occasional blow from dust blower. With quartz mechanism as one in this Casio, this might not be too important but I read too many horror stories about dust getting into gears so playing it safe seemed reasonable. To protect mechanism and avoid losing small parts I used a small plastic container.
Watch press was the most fidgety part of process because I had to find appropriately sized dies. Pains were worth it because glass did come out in a single piece despite the loud cracking noise.
As I have a good experience with silicon grease from my fountain pen hobby, I decided to get both case and the side of glass generously coated. Not sure whether my glass was better sized than one in video or due to silicone grease but glass was fitted on the first try. I found it so unbelievable that I had to check multiple times it’s really in and fitted straight. While grease probably did help with inserting it also meant I had to spend a few minutes cleaning the excess. Well worth if you ask me.
With glass mounted it was time to reassemble the watch. As expected, the same steps followed in reverse direction were all it took. In hindsight, I should have tested waterproofness before returning mechanism in but I simply forgot. In any case, my son has been wearing it while swimming in pool a few times already thus proving it’s reasonably waterproof. I wouldn’t bet on full 100 m rating though.
With sapphire replacement watch got a new lease on life and completely new look. Polishing the case would probably bring me a step further but I’ll save that for some later time. :)
Here is the list of all parts used in the course of swap. Note I didn’t actually buy all these things specifically for this project (e.g. Calipers, silicon grease, and figer cots I had from before) but I listed them anyhow.
PS: Albeit pronoun I is used all throughout this text, most of work was actually done by my son while I was providing paternal support in form of instructions and warnings. :)
Windows 10 releases are numerous. If you are using Microsoft Media Creation Tool to download ISOs, you know how hard is to track them. Fortunately, it is possible to get information about version from ISO file itself.
First order of business is mounting downloaded ISO file. It is as easy as double clicking on it.
Then find Setup.exe; right-click; Properties; and go to Details tab. There under product version you will find the build number - in my case it was 15063.
If you want to know more (e.g. which editions are present in .iso file) we need to open Administrator command prompt (or PowerShell) and run [dism](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/what-is-dism). I will assume, ISO is mounted as disk W: and that your download includes both 32-bit and 64-bit Windows. Adjust path to install.wim as needed.
dism /Get-WimInfo /WimFile:W:\x64\sources\install.esd
Deployment Image Servicing and Management tool
Version: 10.0.15063.0
Details for image : W:\x64\sources\install.esd
Index : 1
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 15,305,539,033 bytes
Index : 2
Name : Windows 10 Home
Description : Windows 10 Home
Size : 15,127,824,725 bytes
Index : 3
Name : Windows 10 Home Single Language
Description : Windows 10 Home Single Language
Size : 15,129,601,869 bytes
Index : 4
Name : Windows 10 Education
Description : Windows 10 Education
Size : 15,125,050,322 bytes
The operation completed successfully.As you can see, this disk consists of four editions. Which one gets installed is determined based on your product key.
And you can go even further with investigation, if you give it index parameter:
dism /Get-WimInfo /WimFile:^^W:\x64\sources\install.esd^^ /index:^^1^^
Deployment Image Servicing and Management tool
Version: 10.0.15063.0
Details for image : W:\x64\sources\install.esd
Index : 1
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 15,305,539,033 bytes
WIM Bootable : No
Architecture : x64
Hal :
Version : 10.0.15063
ServicePack Build : 0
ServicePack Level : 0
Edition : Professional
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 19668
Files : 101896
Created : 2017-03-18 - 19:40:43
Modified : 2017-08-26 - 21:33:30
Languages :
en-US (Default)
The operation completed successfully.