Vim has a lot of cool features, and one of them is the ability to take the text you are editing and run it through whatever text-parsing tool you like.
This tool can be a shell command, a standalone executable, or your very own script in your favorite scripting language. The magic is all in this vim command:
:%!<shell command>
This will dump your buffer as standard output to the shell command and replace it with whatever the output of that command is. You can also use this to fill up your buffer with text from a command, without having to switch to a console and copy-paste it. For example, this works fine:
:!dir *.*
But on with the magic stuff. Let’s use PowerShell to URL encode or decode text we have in our Vim buffer. To set this up, we first need a PowerShell script that does just that. Through the power of .NET, this is pretty easy. Here’s my decode-string.ps1 script:
There is one trick to make this all work: the $input variable. This magic variable will automatically contain all the input piped into the command, so you don’t need to specify an input parameter. It’s one of the automatic variables in PowerShell, just like $_.
Once you have these, all we need to do is set up some Vim bindings in our vimrc file to make this super easy to trigger.
What we do here is paste the current buffer’s text with %! to our script, by running the powershell.exe command. Passing in the -noprofile and -nologo make it run faster, because it skips loading custom user profile scripts. From now on I can paste a URL encoded string in my Vim, press <leader>dc and *bam*, I have the decoded text right there.
Nothing is stopping you from using this for all sorts of text manipulations. You could use this to generate and format code for example. A JSON formatter is an option, although I use the jdaddy plugin for that. You don’t have to use PowerShell either. You can use any command line tool or scripting language you like, as long as it uses standard input & output, and can be called from the command line in Vim.
I wrote about using Grid computing to fight cancer a while back using leftover Azure credits. So now with Corona having the world in its grip, it’s time to shift our attention to that nasty virus and throw some CPU cycles at it instead.
If you have an Ubuntu machine running somewhere and you want to install the Folding@Home client on it, you can do so by following the simple steps listed below.
If you had the World Grid Computing client installed already, you can stop that by using:
sudo /etc/init.d/boinc-client stop
If you want to full install instructions for the FAHclient or installation instructions for other flavors of Linux, check out the official installation guide. Once it’s running and processed a few work units, you can check your stats at this URL: https://stats.foldingathome.org/donor/yourname
This is searchable on the internet, but a little write-up might be useful if you are running into the same problem. Recently we upgraded some .NET Core applications running in a Docker container to .NET Core 3.1. A funny thing happened when we tested those apps, which is they simply stopped working and didn’t throw any errors to make us wiser on what the issue was.
That funny thing wasn’t so funny to be frank.
When figuring out what was going on we noticed that the app seemed to be hanging on creating a database connection. No exception was thrown, we didn’t get a timeout, it just got stuck on opening the connection.
After searching around a bit we ran into a number of GitHub issues related to this on .NET Core repos, where this one (https://github.com/dotnet/SqlClient/issues/201) sums it all up.
It turns out that the Docker image used for 3.1 is a Debian based image. On this image the OpenSSL TLS restrictions have been increased only allowing TLS 1.2 connections with a strong cipher, compared to the image used to build a 2.1 app. If your SQL server does not meet all of these requirements the .NET Core 3.x app will hang on trying to set up the database connection.
Great, but how do you fix this? Well there are 2 workarounds you can apply.
#1 Use the Ubuntu image instead of the Debian one.
By default, the Debian image is used if you let Visual Studio generate the Dockerfile. If you change this to one of the Ubuntu images, you are fine.
So instead of this in your Dockerfile:
FROM mcr.microsoft.com/dotnet/core/runtime:3.1-buster-slim AS base
You can use this:
FROM mcr.microsoft.com/dotnet/core/runtime:3.1-bionic AS base
If you don’t like using the Ubuntu image for some reason, you can still go for door number 2.
#2 Update the OpenSSL configuration
That OpenSSL configuration is stored in /etc/ssl/openssl.cnf. The lines that are the culprit are the MinProtocol setting and the CipherString. Depending on what your issue is (TSL 1.2 not available, or your cipher strength) you can change one, or both of these lines. The Debian config currently looks like:
Depending on what you need, you can lower the SECLEVEL to allow not-so-good ciphers, or lower the minimum protocol level if you can’t use TLS 1.2. That would look like this if you’d have to change both lines:
In your Dockerfile you can do this with the following statements:
RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/' /etc/ssl/openssl.cnf
RUN sed -i 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf
The best idea is to get the SQL guys to upgrade security on the SQL server itself and make sure the default works. But in corporate environments this is something that can take a while and you probably need to get that app running yesterday, so…
Thinking about using a password manager that is free, secure and you have your doubts about the online ones? Well lucky you, this is just the post you are looking for.
With all these hacks and breaches going around you shouldn’t be reusing passwords and you know it. Instead, you can let a password manager generate long and gibberish-like random passwords for all your logins. That way hackers have to throw a thousand cores and millions of years at it before they can crack them. If they crack one anyway, it won’t matter much because it will only work on that one site.
Trusting all your passwords to a piece of software? Is that a good idea? What about if I need my passwords on another machine, or my phone? What if I’m on vacation?
I’ve been storing all my passwords in KeePass for many years now, so I’ll share my setup. You can use this as inspiration to set up your own KeePass flow.
Why KeePass
There are a few cloud-based alternatives out there but when I started with KeePass those weren’t around yet or I didn’t know about them. I thought about switching to one but eventually didn’t because:
They are not free or have limited free-plans.
They are using proprietary software, so you can’t tell how they work and if they really do store your passwords safely. KeePass however is open source and has been audited for security in the past.
Storing all your passwords on a server owned by someone else without a local backup sounds like a bad idea to me.
Some can’t be used for things other than websites. Like desktop app credentials. Or even SSH logins and other weird and geeky stuff you need random secrets for.
Yes they are slightly more convenient and look a bit more polished. But for me that doesn’t weigh up against the extra control I get with KeePass.
Installing KeePass
KeePass exists for Windows, Linux, macOS and Android. It’s a typical installation. If you’re as geeky and paranoid as me you download it from the main site and you check the md5 hash of the installation files. That way you’re 100% sure you didn’t download some altered or hacked version. It hasn’t happened with KeePass before, but it did happen to the Linux Mint ISO’s at one point so you can never be sure.
There is a getting started guide on the KeePass website that guides you through setting up and creating a first database. This Lifehacker post does the same thing and also has some nice screenshots for guidance.
Securing your password database
When it comes to securing your password database you have to make sure your master password to unlock it is of course a pretty damn good one. It has to be as long as possible (at least 10 characters, but more is better), higher case, lower case, number, special characters, the whole shebang. On top of that, you’ll have to be able to remember it too. So I guess this is one of the hardest bits. There are tricks to make this easy though. Think of a good phrase you can easily remember. Or any list of words. Take the first or first few letters of each word, mix it up with some special characters and you end up with something hard to crack and easy to remember. Or just come up with a good passphrase of random words you can remember. Don’t use Correct Horse Battery Staple or a popular lyrics phrase because they are probably in some password list database already. You can use a word list to generate a random password using the EFF word lists and some dice, or use one of the many generators online.
Just be original. Or try anyway.
Small steps
When I started out I didn’t trust KeePass enough to dump and change all my passwords from day 1. I started out simple, by adding new sites I registered to and use randomly generated passwords from the built in password generator. Later I added sites I frequently used and changed their passwords to more complex ones. Now everything is in there. But not every password is random though. Really important accounts I have in my head too, using a unique, complex password that I can still remember. Really important accounts also have 2-factor authentication activated so even if a hacker finds the password, they still won’t get in.
Knowing those key passwords is also a fallback in case I don’t have access to my KeePass DB for some reason.
Syncing the DB
Now you want to use this on more machines than just your laptop I guess.
There are a few options:
You put the DB on a thumb drive you always have on you. This is a good backup too. You can use PortableApps or a portable KeePass version on the thumb drive and use it anywhere like that.
You sync the DB to your favorite cloud drive and sync it to every machine you want to use it on.
I use Dropbox myself which is great for this to sync between home, work and my phone. OneDrive would also work as it works pretty much the same way. If you want to get your own Dropbox drive (2 GB free), use this link. Use that to get 500 MB bonus space, and so do I ;). There are also a number of plugins for KeePass to sync to Google Drive, FTP, and other online providers, so I’m sure you’ll find something you like.
On your phone
If you want access to your passwords on your phone, you’ll need some extra apps. I use Android myself, but I’m sure the same apps exist for iOS. You will need 2 apps, one to be able to open and use the database, and then something to sync the file to your phone. Unless you do that manually, but I wouldn’t advise it.
To use the database there are plenty of options when you search for KeePass, but the best one I’ve used so far is Keepass2Android.
For syncing the file to my phone I use Dropsync. This syncs a Dropbox folder to a folder your phone. You can use the free version if you’re only setting up 2 folders.
You can also use the Dropbox app itself and mark the file to be available offline, but I’ve noticed this doesn’t always work. I often ended up with an old version of the database when I needed it.
Maybe in the future this’ll get better, but until then, Dropsync is what I’m using.
Extensions
KeePass has a ton of plugins allowing you to customize it for all sorts of things. There are plugins to have it integrate in your browser, synchronize files over all sorts of protocols and services, export, import, add visual features and whatever.
I use as little plugins as possible though, as each plugin has access to your database and can be a possible vulnerability. Yes. Tin-foil hat here. But LastPass’ Chrome plugin leaked your login credentials a while ago, so there you go.
By using the standard keyboard shortcuts on PC you can get a long way already. Be sure to check out the Auto-Type override documentation if you have a website which isn’t playing nice with the defaults. You can find a way to get it to work for 99% of the websites out there. The other 1% just have really shitty UX.
