Encrypting credentials like SSH keys or database passwords and putting the encrypted file in a semi-public Git repository is both convenient and scary. Convenient because every user of the repository has to know only one password. Scary because you now rely on encryption and passwords instead of other security practices. So the question arose in my team “Assuming there are no implementation errors, how secure are Ansible Vaults?” Since the first 10 Google results did not answer this question quickly enough, I decided to read the source code and answer the question myself.
I attended the Wikimedia Hackathon 2017 in Vienna. This is a summary and review of what I learned there while working on the prototype of the “Advanced Search Form” extension for MediaWiki. The first hurdle for working on the feature was setting up a MediaWiki environment. The recommended way is the Vagrant environment, but I’ve had bad experiences with that in the past and did not want to download tons of stuff over the conference WiFi.
This article will teach you how to create user accounts with the configuration management software Ansible. You will learn how to create users with passwords, SSH-only users and users with temporary passwords that must be changed.
Some background on passwords on Linux
The file /etc/passwd hints at passwords, but stores only an “x” or other character where the password has been stored historically. The real passwords are stored in the file /etc/shadow, in a hashed format.
My last PHP update broke Spress, the static site generator I use for this blog. I decided to move my blog generation to a more stable and portable environment - a Docker container. I’ve documented what I did and what I learned with this blog post. This is my first attempt to do something with Docker, please excuse any bad practices. You can find the finished Dockerfile at https://github.com/gbirke/spress-docker.
Test-driven development in PHP can become a pain when you’re dealing with the file system. The builtin functions like stat, getfilemtime, fopen and fgets assume the existence of actual files. Until now, I assumed you’d have to add a library like FileFetcher, Flysystem, Gaufrette or vfsSystem to your dependencies. While those libraries are nice, they are additional dependencies and some add additional capabilities like caching or providing a unified interface to cloud storage.
Your Git commit logs provide a good approximation of your habits and time zone: When you sleep, if you are working full time, which projects are private and which are work-related (weekend vs workday commits), when you go to lunch, etc. By setting the environment variables GIT_AUTHOR_DATE and GIT_COMMITTER_DATE before committing, you can change the recorded time of a commit. But always setting those variables before committing becomes tedious, so I experimented with a shell function that sets the environment variables for me.
I attended the SwanseaCon 2016, a conference about Agile Development & Software Craftsmanship. I enjoyed most of the talks and took some notes for the most interesting stuff:
My two favorite talks
Immutable architecture
“Your servers are not your pets” - don’t give them names, don’t tend to them with complex state-based configuration management software like Puppet and Chef, don’t get emotionally attached. Just build the environment you need using simple tools like Ansible, deploy the code to it, put it behind your load balancer and throw the old one away.
I’ve migrated this blog from Drupal 6 to the static site generator Spress. As a developer I work best with version-controlled plain text files and in the sure knowledge that my “CMS” is not reachable from the internet. I’ve dropped three heavily outdated posts in the process. The URLs of the old blog never worked right (since I had mixed language content), so I felt no need to keep them. The design is a stand-in until I have the time to do something better.