Remember the times when we copied PHP “libraries” into our project folder, or we copy and pasted code from some random site into our project? Those times are over. Composer and Packagist are the modern way to manage PHP dependencies. They are great. Almost as good as The Maven repos and their build tools in the Java world. However, while Composer is really good at managing the dependencies of a single project, i.e. one composer.json file, it does not play well if you want to plug different projects together at runtime. And by “does not play well” I mean it simply doesn’t work if you have two or more composer.json files. This quick post demonstrates a way around this limitation. Quick and dirty. Just like the foundations of PHP :-)
Many of us developers or system administrators use OpenSSH’s public key authentication (aka password-less login) on a daily basis. The mechanism works based on public key cryptography: By adding a RSA/DSA public key to the authorized_keys file, the user with the matching private key can login without a password. The mechanism works great for a couple of hundred, thousands and even 100k thousand users (tested, login takes ~2sec).
But what if there are more keypairs, say, a million users, or a more flexible approach is desired? Maybe with an LDAP or a database backend? Think of GitHub and how they do their ssh firstname.lastname@example.org ... login! This blog post shows you how to do that by patching OpenSSH’s AuthorizedKeysCommand option to support an additional fingerprint argument.
Every system administrator, most programmers and countless of command line surfing Linux/Mac users use it every day without thinking twice. Hitting the tab key twice, [TAB][TAB], has become the most common thing in the world. Bash completion is the magic behind the tab key. It’s easy to use, but it’s a pain to write. This tiny post demonstrates how to write scripts for bash completion, with sub-commands and dynamic parameters. A working script is embedded in my open source file sync software Syncany.
These days, ISPs are often forced to block the access to certain sites, because their government considers these sites dangerous and/or illegal. While one could certainly discuss the usefulness of such measures in great detail, this tiny post focuses on the more interesting subject of how to circumvent these blockages. It’s not a lenghty post, and it doesn’t show all the ways there are, but I’ll show two simple ways to circumvent Internet non-DNS-based filters.
For my open source file sync software Syncany, I have integrated the automatic plugin build process (we provide plugin repository and an easy plugin API to download plugins) with an upload to the Syncany API server. Plugins (JAR files) are uploaded by Travis (example: Samba plugin) to the Syncany server. To serve meta data on through the plugin API, I need to parse the plugins’ MANIFEST.MF files and store them in a database.
This tiny blog post shows you how to read a ZIP/JAR file entry with PHP, and parse JAR manifest (MANIFEST.MF) file. That’s it. Nothing fancy.
For my open source file sync software Syncany, I use the embedded web server and web socket server Undertow to provide a websocket and REST based interface by the Syncany daemon. Syncany clients (such as the GUI, or potentially a web interface) connect to this daemon, send requests and receive asynchronous events. Syncany’s GUI client also uses the Undertow websocket client to connect to the above mentioned daemon.
To authenticate the websocket client with the daemon, the simple HTTP basic authentication mechanism over HTTPS is used. This tiny post shows you how to authenticate against a websocket server with HTTP basic auth using the Undertow websocket client.
I recently updated from Linux Mint 16 Petra to Linux Mint 17 Qiana. Everything went smoothly, except for my dock Docky. For some reason, Docky decides to crash every once in a while with some error message.
Instead of fixing this error or reporting it, I decided to find the easy way out and simple set up a cronjob to restart Docky every minute (if it has crashed).
The recent POODLE attack (Padding Oracle On Downgraded Legacy Encryption) exploits a vulnerability of an older version of SSL (SSLv3) by performing a padding oracle attack — and thereby allowing a man-in-the-middle scenario.
To be vulnerable, both client (browser) and server have to support SSLv3. If either one does not support or has disabled the protocol, this vulnerability cannot be exploited. This tiny article shows you how to disable SSLv3 in Firefox — thereby effectively making your browser POODLE-safe.
Batch (.bat) files are an MS-DOS legacy technology and I don’t know a single person who loves writing them — and yet, to this day, many people have to do it. In order to run Java programs, start daemons or check if a process is running, batch files have to be used. For my open source file sync tool Syncany, I had to do just that:
The Syncany daemon runs in the background and is started by a batch script. To check if the daemon is already running, the batch script needs to read a PID file and determine if a process with this PID is running.
Since it took me an enormeous amount of time to figure out how to do that (I am a Linux guy!), I wanted to share that little script in this code snippet.