I’ve always loved retro keyboards. Back at my previous job I used to
use a Keytronic keyboard
that I salvaged from the university’s trash room. I liked the 80’s/90’s beige aesthetic, the huge
keys, and the sound of typing on it. But it wasn’t a mechanical keyboard, just rubber dome. Once
I got to type on a mechanical keyboard, I knew I wanted one, but that meant I had to put my trusty
Keytronic to the side.
So about a month ago, I was very surprised and excited when I found an old looking keyboard in the
trash bin at my current employer.
I use OBS Studio to store replays of my games with my friends for later.
OBS writes two audio tracks to the file, one for game audio and one for my
mic. I was surprised to find that multi-track files were not properly supported
by many programs like Handbrake (or YouTube for that matter), so I needed to
combine the audio tracks.
When improving Code::Stats’s Atom plugin, I wanted to add the plugin version
as the User-Agent header: code-stats-atom/x.y.z. I used the fetch API and set the header there but it did nothing!
By googling a bit I found that User-Agent used to be a “dangerous” header that wasn’t allowed to be set in browsers.
It was only recently allowed, but Chromium
has not implemented support for it.
I’ve known GitLab has existed for a long time, but haven’t really paid any attention to it before. This week I decided to
take a closer look and it looks really nice. The UI is much better than the new horrid BitBucket UI at least, and it
offers free private repos like BitBucket does. As a bonus, it’s mostly open source and that’s something I want to support.
So I’m moving at least all my stuff from BitBucket over, like Mebe’s repo. Not sure yet if I’ll move Code::Stats’s
stuff over. GitLab’s builtin CI stuff does seem tempting though.
People commented so nicely on my first build tool FBU
that I decided to push it to the Elixir package manager Hex.pm. I renamed
it, though, since people pointed out that it could be used to build anything, not just the
front end. So now it’s called (still unimaginatively) MBU: Mix Build Utilities.
EDIT 2017-04-04: I have since renamed the project to MBU: Mix Build Utilities and published it on
Hex.pm: hex.pm/packages/mbu. I have edited the links and code examples in this post to
tl;dr I wrote my own build tool using Elixir’s Mix:
It’s no secret that I somewhat dislike the state of modern
is the ecosystem and tooling around it. There’s a lot of innovation and hard work going on
in very many fragmented projects, resulting in reimplementations of already solved problems
and a ton of half working, alpha quality, 0.x versioned packages with unknown support status.
With these packages, you start your project by building an elaborate house of cards that is
the build system. And you dread the day when you need to touch it again.
As part of my Trainfulness project, I sometimes
upload Creative Commons licensed videos to YouTube. I always make sure I have
the proper licence, as I want to play fair with content creators such as NRK
(the Norwegian Broadcasting Company). But lately I have received a couple of
copyright claims from the company Pirames International. This would not be
that much of an issue if YouTube did not make handling the cases extremely
Load testing is an integral part of deploying any web service. It should be
done already in the development phase to find bottlenecks and after deployment
when users’ usage patterns are better known. That’s not where it stops, though,
as load testing can also be used as a regular part of the web service’s
maintenance. Deploying new features without checking their effect on the
performance of the service can be a fatal mistake, which is why load testing
could be very important when integrated with a continuous integration or
continuous deployment system.
Reddit is a good place to share content, but also a good place to attempt to make some money
on clicks from unsuspecting or indifferent users. Lately I’ve been seeing a pattern regarding
videos stolen from other YouTube channels, reuploaded and monetized with ads. These videos are
then mass posted on Reddit by bots masquerading as real users.
tl;dr: Spambots are posting links to stolen videos on Reddit, copying comments from others
to masquerade as legitimate users.
In my last post I wrote about StartCom’s new StartEncrypt service and its misleading advertisement email. In it I mentioned that they were not using the ACME protocol that Let’s Encrypt is using, but their own StartAPI protocol, for which documentation is behind a login. Their client was also not open source.
It didn’t take long for the first security issues to be found. Computest found multiple vulnerabilities in the StartEncrypt API and client, the most critical of which allowed the user to fetch certificates for domains outside their control. Domains like google.com, facebook.com etc. The following quotes speak volumes about the security of StartEncrypt:
A malicious client can specify a path to any file on the server for which a certificate is requested. This means that, for example, anyone can obtain a certificate for sites like dropbox.com and github.com where users can upload their own files.
The client doesn’t check the server’s certificate for validity when connecting to the API, which is pretty ironic for an SSL tool.
As Computest points out, when a certificate authority publishes a service which such problems, they are undermining the thing they are paid for – the trustworthiness of their certificates. Personally, after the latest events with StartEncrypt, I would no longer recommend StartCom to anyone, for neither paid nor free certificates.