Skip to main content

#Issue - Building the community edition of IntelliJ

1 min read

I've spent several hours to figure that using eCryptf (http://ecryptfs.org) to access encrypted files belonging to a mounted partition where the IntelliJ IDEA project (https://github.com/jetbrains/intellij-community) has been cloned, was compromising all my attempts to build the project. 

Fortunately, once again, stackoverflow came to the rescue :

I had only to move the newly cloned repository to another unencrypted partition in order to be able to build the project successfully. It seems that eCryptfs doesn't play well with long file names.

Learning about compilers

2 min read

In order to have a better understanding of context-free grammars, lexers and parsers,
I have developed a basic JSON editor with Vuejs (https://vuejs.org) by going through chapters and exercices of Compilers, Principles, Techniques, & Tools (http://bit.ly/compilers-principles). 

 

The  project (http://www.antlr.org) has been of tremendous help to generate parsers from grammars (https://github.com/antlr/grammars-v4). This side project reminded me of times when David NowinskySophie Despeisse and I, had to edit many configuration files by hand, which was quite error-prone without adequate tooling.

 

In the past, I would not dare playing with a recursive descent parser. Thanks to reactivity in a browser brought by modern libraries, the fun is back.

 

Would anyone want me to write a short article on the topic, I would gladly describe how to implement the aforementioned editor from Backus-Naur form notation technique to the edition of tokens implemented as many Vue components.

 

I've published a prototype, along with its sources (https://github.com/thierrymarianne/project-learning-compilers). It is still at its early stage but I'm looking for some additional insights about how the job could have been done so comments about this project which main purpose is to learn are very welcome).

 

https://json.weaving-the-web.org

#Grub - How to boot a linux kernel from a Grub console?

2 min read

After upgrading my personal servers to Debian Stretch, one of them would not reboot.
I had to use KVM over IP (via iLO) to figure there was an issue with the bootloader configuration.

I've successively encountered the following error messages:

no loaded kernel
file not found

After rebooting the server in rescue mode, I recovered the configuration file generated by Grub and I run the following commands in Grub console :

grub > insmod gzio
grub > insmod part_msdos
grub > insmod ext2
grub > set root='hd0,msdos1'
grub > search --no-floppy --fs-uuid --set=root BXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
grub > linux /vmlinuz-4.9.0-3-amd64 root=UUID=RXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX ro quiet
grub > initrd /initrd.img-4.9.0-3-amd64
grub > boot

The first UUID (BXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) matches with a boot partition (hd0,msdos1) of a disk drive and the second UUID (RXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) matches with a root partition of a disk drive.

 

After gaining access to a remote shell over ssh again, I've fixed Grub installation by running the following command:  

sudo grub-install /dev/sda

Eventually, I've ensured everything was OK by using greb-emu before rebooting again

sudo apt install grub-emu
grub-emu
grub-install --version # returns "grub-install (GRUB) 2.02~beta3-5"





#Shell - How to check the TLS certificate expiration date of a remote host?

1 min read

Inspired by articles read from ShellHacks, Mattias Geniar's blog and the answer to a question posted on stackoverflow, I've added a function and an alias to my shell start-up script to check the TLS certificate expiration date of a remote host

#PGP - How to leverage to encrypt, sign and decrypt messages?

1 min read

Install the GNU Privacy Guard implementation of the OpenPGP standard.

Install and configure a messaging client like Thunderbird 
for use with a plugin supporting OpenPGP.

Enigmail can be installed as a plugin for Thunderbird allowing to encrypt, sign and decrypt emails.

Sending emails which have been signed or encrypted will require 

  • the generation of a PGP key pair (a public key and a private key)
  • the exchange of public keys with recipients of messages
    (for example by organizing a physical meeting) 

Other initiatives allowing to encrypt, sign and decrypt messages from a browser :

Riseup has published a pretty list of OpenPGP best practices

#Testing - About (not) using an alternative database for your functional tests

1 min read

Using an SQLite database for testing might come in handy.

Why should we use a database increasing the footprint of a test suite when executing very few queries? 

Even few queries are not prepared the same way depending on the database engine and as a result there is no guarantee of having the same records set returned by SQLite and another database used in production. 

For instance, I've encountered the following issues before:

 

#Lumen - Your database timezone set to "+00:00" by default with Lumen

1 min read

When running a command-line with artisan, I had time-dependent queries which never returned the affected rows I was expecting. I had this command precisely running at 00:01 every morning. 

By scheduling the task three hours later or by launching it manually in the morning, I was provided with the correct results. That's how I figured something was off with regards to the application timezone.

At first, I set the environment variable APP_TIMEZONE value to Europe/Paris in .env according to my context of execution. Unfortunately, it was not the solution to my problem.

Since we're dealing with open source code, why not exploring the vendors?

grep -rn timezone ./vendor

resulting in this specific match (among many others)

./vendor/illuminate/database/Connectors/MySqlConnector.php:43:        if (isset($config['timezone'])) { 

The following keywords submitted to DuckDuckGo led me to the right solution :

https://github.com/laravel/lumen-framework/issues/50
https://github.com/laravel/lumen/pull/32/files

The following setting was missing from my application .env file 

DB_TIMEZONE=+02:00

#2FA - How to make a backup of secrets stored in Google Authentication app (Android)?

1 min read

  1. Enable USB debugging in the phone developer options
  2. Pull the SQLite database using adb  
    adb pull /data/data/com.google.android.apps.authenticator2/databases
  3. Extract the database records using an SQLite client 
    sqlite3 database 
    .dump accounts
  4. Save the output in a reasonably safe place (for instance store it in a lastpass secure note)


See also http://dpron.com/3-ways-to-move-google-authenticator/

#MySQL - How to prevent a MySQL database from writing binary l ogs?

1 min read

To decommission an old server running a replicated MySQL database,
I had to prevent the (master) database from writing binary logs.

I figured I would need to