Category Archives: software

A practical guide to using KeePass password manager

Thinking about using a password manager that is free, secure and you have your doubts about the online ones? Well lucky you, this is just the post you are looking for.
With all these hacks and breaches going around you shouldn’t be reusing passwords and you know it. Instead, you can let a password manager generate long and gibberish-like random passwords for all your logins. That way hackers have to throw a thousand cores and millions of years at it before they can crack them. If they crack one anyway, it won’t matter much because it will only work on that one site.
Trusting all your passwords to a piece of software? Is that a good idea? What about if I need my passwords on another machine, or my phone? What if I’m on vacation?
I’ve been storing all my passwords in KeePass for many years now, so I’ll share my setup. You can use this as inspiration to set up your own KeePass flow.

Why KeePass

There are a few cloud-based alternatives out there but when I started with KeePass those weren’t around yet or I didn’t know about them.
I thought about switching to one but eventually didn’t because:

  1. They are not free or have limited free-plans.
  2. They are using proprietary software, so you can’t tell how they work and if they really do store your passwords safely. KeePass however is open source and has been audited for security in the past.
  3. Storing all your passwords on a server owned by someone else without a local backup sounds like a bad idea to me.
  4. Some can’t be used for things other than websites. Like desktop app credentials. Or even SSH logins and other weird and geeky stuff you need random secrets for.

Yes they are slightly more convenient and look a bit more polished. But for me that doesn’t weigh up against the extra control I get with KeePass.

Installing KeePass

KeePass exists for Windows, Linux, macOS and Android. It’s a typical installation. If you’re as geeky and paranoid as me you download it from the main site and you check the md5 hash of the installation files. That way you’re 100% sure you didn’t download some altered or hacked version. It hasn’t happened with KeePass before, but it did happen to the Linux Mint ISO’s at one point so you can never be sure.

There is a getting started guide on the KeePass website that guides you through setting up and creating a first database. This Lifehacker post does the same thing and also has some nice screenshots for guidance.

Securing your password database

When it comes to securing your password database you have to make sure your master password to unlock it is of course a pretty damn good one. It has to be as long as possible (at least 10 characters, but more is better), higher case, lower case, number, special characters, the whole shebang. On top of that, you’ll have to be able to remember it too. So I guess this is one of the hardest bits.
There are tricks to make this easy though. Think of a good phrase you can easily remember. Or any list of words. Take the first or first few letters of each word, mix it up with some special characters and you end up with something hard to crack and easy to remember.
Or just come up with a good passphrase of random words you can remember. Don’t use Correct Horse Battery Staple or a popular lyrics phrase because they are probably in some password list database already. You can use a word list to generate a random password using the EFF word lists and some dice, or use one of the many generators online.

Just be original. Or try anyway.

Small steps

When I started out I didn’t trust KeePass enough to dump and change all my passwords from day 1. I started out simple, by adding new sites I registered to and use randomly generated passwords from the built in password generator. Later I added sites I frequently used and changed their passwords to more complex ones. Now everything is in there. But not every password is random though. Really important accounts I have in my head too, using a unique, complex password that I can still remember. Really important accounts also have 2-factor authentication activated so even if a hacker finds the password, they still won’t get in.
Knowing those key passwords is also a fallback in case I don’t have access to my KeePass DB for some reason.

Syncing the DB

Now you want to use this on more machines than just your laptop I guess.
There are a few options:

  1. You put the DB on a thumb drive you always have on you. This is a good backup too. You can use PortableApps or a portable KeePass version on the thumb drive and use it anywhere like that.
  2. You sync the DB to your favorite cloud drive and sync it to every machine you want to use it on.

I use Dropbox myself which is great for this to sync between home, work and my phone. OneDrive would also work as it works pretty much the same way.
If you want to get your own Dropbox drive (2 GB free), use this link. Use that to get 500 MB bonus space, and so do I ;).
There are also a number of plugins for KeePass to sync to Google Drive, FTP, and other online providers, so I’m sure you’ll find something you like.

On your phone

Phone closeup with simcard and micro SD card.

If you want access to your passwords on your phone, you’ll need some extra apps. I use Android myself, but I’m sure the same apps exist for iOS.
You will need 2 apps, one to be able to open and use the database, and then something to sync the file to your phone. Unless you do that manually, but I wouldn’t advise it.

To use the database there are plenty of options when you search for KeePass, but the best one I’ve used so far is Keepass2Android.

For syncing the file to my phone I use Dropsync. This syncs a Dropbox folder to a folder your phone. You can use the free version if you’re only setting up 2 folders.
You can also use the Dropbox app itself and mark the file to be available offline, but I’ve noticed this doesn’t always work. I often ended up with an old version of the database when I needed it.
Maybe in the future this’ll get better, but until then, Dropsync is what I’m using.

Extensions

KeePass has a ton of plugins allowing you to customize it for all sorts of things. There are plugins to have it integrate in your browser, synchronize files over all sorts of protocols and services, export, import, add visual features and whatever.

I use as little plugins as possible though, as each plugin has access to your database and can be a possible vulnerability. Yes. Tin-foil hat here. But LastPass’ Chrome plugin leaked your login credentials a while ago, so there you go.

By using the standard keyboard shortcuts on PC you can get a long way already. Be sure to check out the Auto-Type override documentation if you have a website which isn’t playing nice with the defaults. You can find a way to get it to work for 99% of the websites out there. The other 1% just have really shitty UX.

cool vim tips and tricks you might not know

Vim has tons of awesome shortcuts and features you pick up over time. Some of those I don’t use every day so I have to write them down so I can look them back up when I can’t remember exactly how it works. Instead of keeping them locked away in a text file, I’ll throw them online here and spread the Vim love. None of these need any special plugins. They should all work right out of the box with plain old Vim.

If you want to know more about a specific command listed here, use the Vim :help command to find out more. There are usually more options and possibilities for each of these commands and the Vim documentation is excellent.

Here we go!

When you are on the command line using a console application and you want to edit the output in Vim right away, or open that long list of possible command line switches in Vim for reference, this one will come in handy.
I’m using GVim here because since that opens in a separate window from your shell, this is the most useful.

ls *.txt | gvim -
docker -h | gvim -
git --help | gvim -

This one is for opening a ton of files in a single Vim instance from Powershell, in different tabs. This means you are running this from a Powershell console of course.

gvim -p (ls *.ps1)

For more Vim command line options run this in your favorite shell environment:

vim -h
gvim -h

How about opening a remote file, or fetch HTML from a page over HTTP using Vim:

:e https://n3wjack.net/

When you work with log files a lot, being able to delete lines containing or not containing a specific word can be just what you need.
These two commands are perfect to filter out obsolete exceptions and figure out what is causing that nasty production issue:

:g/DeleteAll/d
:v/DeleteAllButThis/d

Did you know that Vim has a spell checker? I didn’t know that at the beginning (try :h spell for more details).
To activate/deactivate:

:set (no)spell

To jump to the next / previous misspelled word:

]s
[s

To get a list of spelling suggestions (or use the mouse in GVim, which is quite practical):

z=

You can add a simple XML-tidy shortcut to your .vimrc file by adding the following command.
What it does is setting the file type to XML, removes spaces between opening & closing brackets, add a return character in-between the opening & closing brackets and finally formats the document so it looks all nice and indented.

nmap <leader>ppx <Esc>:set filetype=xml<CR>:%s/> *</></g<CR>:%s/></>\r</g<CR><ESC>gg=G<Esc>:noh<CR>

You can force syntax highlighting in Vim as follows for e.g. HTML, XML and Markdown.
Of course this works for a ton of other file types as well, as long as you can figure out what the extension/file type key is. But that’s pretty easy in most cases.

:set syntax=html
:set syntax=xml
:set syntax=md

I add shortcuts for any files I frequently edit by using the leader key and a letter combination that’s easy to remember.
For example this one to edit my custom .vimrc file when I press the leader key followed by “e” and “v” (edit vimrc).

nnoremap <Leader>ev :tabe ~\vimfiles\nj-vimrc.vim<CR>

That’s about it. For more nice Vim tips check out more Vim posts. Another good resource for bite sized Vim tips is the MasteringVim on twitter and it’s newsletter.

windows 10 upgrade on a dell xps 17 / L702x

I clean installed Windows 10 on my Dell XPS 17 L702x a while ago already and this post is merely here to indicate: yes, it works and it’s not even a big deal. This also got rid of Dell software junk preinstalled on my machine which is awesome.

Dell doesn’t support the Windows 10 upgrade though, which is why it scares people and your mileage may vary, but in my case the only thing that didn’t work anymore after the upgrade is my SD card reader. The drivers for that device haven’t been updated since the Windows 7 version and I didn’t find anything more recent. It took me a few months to find out it was broken, so that shows how much I need that thing.

So to summarize:

You can upgrade your OS or do a clean install with Windows 10, but your SD card reader will not work afterwards. If your life depends on that card slot on the left, it’s wise not to upgrade.

As always, be careful with drastic operations like this and backup your data first. For real this time. Plenty of stuff can go wrong and knowing that your data is safe makes it a lot less stressful if shit does happen to hit the fan.

getting rid of the McAfee Process Validation Service which I never installed

Recently I noticed my laptop was acting rather sluggish after rebooting. As a Windows geek I swiftly started the improved Windows 10 task manager and noticed something peculiar.

A “McAfee Process Validation Service” (or mfevtps.exe for you techies) was gobbling up a lot of CPU cycles. I know McAfee of course, but I never installed any of their antivirus products, so how on earth did that get on my system?

A screenshots showing the McAfee service scanning and slowing down my system why I didn't even install it. How queer.

I found out that this thing is actually a Windows service, which you can see in the Service tab of your Task Manager. So when you look into the startup tab to see what triggers the process, you don’t even see it there.

It also turns out that this bit of software is automatically installed when you run the McAfee Stinger antivirus detection software.
Now Stinger is great, or at least used to be great. It’s supposed to be a standalone executable you can just pop onto any system and use it to scan for viruses and malware without having to install any full blow antivirus suite.

Unfortunately this now also installs a bit of malware itself.

Now how do I get rid of something that I never installed? It can’t be found anywhere when you use the regular Windows uninstall tools. I knew this thing was sitting in my c:\windows\system32 folder, but I didn’t want to just rip it out by hand because there might still be some other crap littered here and there that I don’t know about, and might be causing problems once it’s half destroyed.

If found out that McAfee has a specific removal tool. I guess they get this question a lot…
Finally this MCPR.exe removal tool deleted the unwanted service and after a single reboot my system now is a tiny bit cleaner and a tiny bit faster again.

Which is nice.

fixing MSB3644 build errors and the point of .NET targeting packs

Build errors on build servers suck. If it builds locally, why the hell doesn’t it build on the build server? Well there’s plenty of reasons for that, but as a .NET developer is usually means that something you have on your machine that came with your Visual Studio install isn’t installed on the build server.
But you probably don’t want to install the full-blown VS on the build server, so the question now is: what bit do I need to install?

Recently I ran into the following build error on 1 specific build server (yep, not on another one, fun, fun, fun).

C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\bin\Microsoft.Common.CurrentVersion.targets(1111, 5): error MSB3644: The reference assemblies for framework ".NETFramework,Version=v4.5.2" were not found. To resolve this, install the SDK or Targeting Pack for this framework version or retarget your application to a version of the framework for which you have the SDK or Targeting Pack installed. Note that assemblies will be resolved from the Global Assembly Cache (GAC) and will be used in place of reference assemblies. Therefore your assembly may not be correctly targeted for the framework you intend.

It clearly has something to do with a project which targets .NET framework v4.5.2.
The answer in fact is right there. You need to install a “targeting pack”.
But WTF is that thing and why do I need it?

Apparently having the .NET framework itself installed on your machine isn’t enough to be able to build a project if that project targets a specific version of the .NET framework. It makes sense as the .NET framework installation is actually the runtime, used to run .NET applications, not build them.
If you want to build apps against a specific version of the .NET framework, you need that targeting pack as well on your build machine. This is either your development box, which has VS on it, and thus the required targeting packs which come with the VS installation. Or this can be your build server, where you have to install the targeting packs as well.

You can check what targeting packs you already have on a machine by checking the sub-folders in “C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework
For each supported framework version, there’s a v<version number> folder there. In my case there was no v4.5.2 folder on that one machine.

So where do you find those targeting packs for the various .NET framework versions? Microsoft luckily compiled a nice list where you can find all the download links and instructions.
For the versions listed as “included in VS 2017”, you can see them all listed in the VS 2017 installer if you go to the “Individual components” tab.

Look at all those .NET targeting packs.

So a shortcut to install all the packs at once, is to grab the VS2017 installer and use that one. But you might want to disable all the IDE specific stuff you won’t need on the build server though.

reactjs.net clearscriptv8 load error after publishing a website

Crash Here’s another ReactJS.NET quirk I ran into lately. While working on an ASP.NET site using the ReactJS.NET Nuget package to render content using React.JS server side we got this error message on the web server after deployment:

Cannot load V8 interface assembly. Load failure information for ClearScriptV8-64.dll:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\4e3fedda\f5d1e0ef\assembly\dl3\68f03368\00cf5237_117bd201\ClearScriptV8-64.dll: Could not load file or assembly 'file:///C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\4e3fedda\f5d1e0ef\assembly\dl3\68f03368\00cf5237_117bd201\ClearScriptV8-64.dll' or one of its dependencies. The system cannot find the file specified.

The annoying bit here is that everything works fine locally, but not when it was deployed to the server using an Octopus package.
After debugging, searching online and going through the build log files I figured out that the problems could be caused by :

  • Missing DLL’s because of a missing Nuget package (quite obvious but not a problem in my case).
  • The VS 2013 C++ Redistributables are not installed on the server, which is a common cause for this error related to the ClearScript assemblies.

In my case the problem was a variation of the 1st problem. Once the web app was published, the DLL files where not in the expected bin\x64 & bin\x32 sub-folders, but in the root of the application’s bin folder. So the DLL’s where there, but not in the correct spot.

The cause of this problem is the _CopyWebApplicatonLegacy MS Build task which lives in the Microsoft.WebApplication.targets file.
This creates a _PublishedWebsites folder containing all the files you need to deploy to make your website run, yet it doesn’t trigger the build task used in the JavaScriptEngineSwitcher NuGet package which places those DLL’s in those x64 & x32 sub-folders. This special build task is included in the ReactJS.NET Nuget package, so you don’t have to do anything extra for this.
Because this task doesn’t get triggered in the step build to create the deployment package, the ClearScript-V8-64.dll, v8-x64.dll & ClearScript-V8-32.dll, v8-x32.dll don’t end up in their x64 & x32 sub-folders.

I fixed this by moving the files to their rightful location while creating the package for Octopus deploy with a PowerShell script. There’s probably a way to fix this with an extra build tasks too, but man, I spent so much time on finding this issue in the first place and I really didn’t feel like getting myself into that mess as well.

Photo by Ted Van Pelt, cc-licensed.