Leben++

It's never too late to get a life

How Secure Are Ansible Vaults?

Encrypting credentials like SSH keys or database passwords and putting the encrypted file in a semi-public Git repository is both convenient and scary. Convenient because every user of the repository has to know only one password. Scary because you now rely on encryption and passwords instead of other security practices. So the question arose in my team: “Assuming there are no implementation errors, how secure are Ansible Vaults?” Since the first 10 Google results did not answer this question quickly enough, I decided to read the source code and answer the question myself.

Impressions from the Wikimedia Hackathon 2017 in Vienna

I attended the Wikimedia Hackathon 2017 in Vienna. This is a summary and review of what I learned there while working on the prototype of the “Advanced Search Form” extension for MediaWiki. The first hurdle for working on the feature was setting up a MediaWiki environment. The recommended way is the Vagrant environment, but I’ve had bad experiences with that in the past and did not want to download tons of stuff over the conference WiFi.

Impressions from JSConf.eu 2017 - Day Two

Here are the bits and pieces I learned from the talks I attended on the second day of JSConf 2017 in Berlin: Applying NASA coding standards to JavaScript “Would you fly in a plane with an HTML and JavaScript instrument panel?” was the question Denis Radin asked at the beginning of the talk. While he is hopeful that improving the overall quality of JavaScript code may lead some day to the browser being the “universal GUI”, I remain skeptical for aviation, space exploration and other mission-critical systems that need real-time performance characteristics and high fault tolerance.

Impressions from JSConf.eu 2017 - Day One

Here are the bits and pieces I learned from the talks I attended on the first day of JSConf 2017 in Berlin: What’s new in Netscape Navigator 2.0 Marcin Szczepanski tried to build the TodoMVC app with the first JavaScript implementation that was available - in Netscape Navigator 2.0. There was no DOM to manipulate, you could only call document.write during the render call. What he came up with was an application architecture based on HTML framesets with a “parent frame” that holds the application state and child frames that are re-loaded and thus re-rendered with the current state whenever an event occurs.

Creating users and their passwords with Ansible

This article will teach you how to create user accounts with the configuration management software Ansible. You will learn how to create users with passwords, SSH-only users and users with temporary passwords that must be changed. Some background on passwords on Linux The file /etc/passwd hints at passwords, but stores only an “x” or other character where the password has been stored historically. The real passwords are stored in the file /etc/shadow, in a hashed format.

Running Spress in Docker

My last PHP update broke Spress, the static site generator I use for this blog. I decided to move my blog generation to a more stable and portable environment - a Docker container. I’ve documented what I did and what I learned with this blog post. This is my first attempt to do something with Docker, please excuse any bad practices. You can find the finished Dockerfile at https://github.com/gbirke/spress-docker.

Object Oriented File Access in PHP

Test-driven development in PHP can become a pain when you’re dealing with the file system. The builtin functions like stat, getfilemtime, fopen and fgets assume the existence of actual files. Until now, I assumed you’d have to add a library like FileFetcher, Flysystem, Gaufrette or vfsSystem to your dependencies. While those libraries are nice, they are additional dependencies and some add additional capabilities like caching or providing a unified interface to cloud storage.

How to protect your privacy by changing your Git commit times

Your Git commit logs provide a good approximation of your habits and time zone: when you sleep, if you are working full time, which projects are private and which are work-related (weekend vs workday commits), when you go to lunch, etc. By setting the environment variables GIT_AUTHOR_DATE and GIT_COMMITTER_DATE before committing, you can change the recorded time of a commit. But always setting those variables before committing becomes tedious, so I experimented with a shell function that sets the environment variables for me.

Impressions from SwanseaCon 2016

I attended the SwanseaCon 2016, a conference about Agile Development & Software Craftsmanship. I enjoyed most of the talks and took some notes for the most interesting stuff: My two favorite talks Immutable architecture “Your servers are not your pets” - don’t give them names, don’t tend to them with complex state-based configuration management software like Puppet and Chef, don’t get emotionally attached. Just build the environment you need using simple tools like Ansible, deploy the code to it, put it behind your load balancer and throw the old one away.

Blog reboot

I’ve migrated this blog from Drupal 6 to the static site generator Spress. As a developer I work best with version-controlled plain text files and in the sure knowledge that my “CMS” is not reachable from the internet. I’ve dropped three heavily outdated posts in the process. The URLs of the old blog never worked right (since I had mixed language content), so I felt no need to keep them. The design is a stand-in until I have the time to do something better.