For a mobile app I’m doing some front-end development and the design includes a lot of avatars. Unfortunately we don’t have any avatars of our users. Fortunately we do have their names and I’ve learned from Outlook and Trello that you can make great avatars with a user’s initials. In this post I show how to do this using PHP. Our goal The target is to create the following avatar with initials “MS” for my name “Maurits van der Schee”: ...

When your Symfony (PHP web framework) project uses AJAX requests and sessions (logging in) you may run into this 2012 bug where Symfony does not lock the session allowing for data loss on concurrent AJAX requests. I fixed the bug in 2014 in the SncRedisBundle, but that merge was reverted last year, creating an issue for some high traffic sites. In this post I propose a better solution for Symfony. Quick workaround The quick workaround is to use the NativeFileSessionHandler class, which uses the session storage (handler) in the php.ini (using session.save_handler and session.save_path) that does store session files on disk. As long as sessions are not working reliable (due to lack of locking) I advice to stay away from Symfony’s Redis and Memcache support for session storage and use this native variant (that does support locking). ...

I’ve written PHP-CRUD-API (3k Github stars) that lets you publish an instant REST API for an existing database. The latest version supports a mapping to allow you to clean up the names of your tables and columns. Other important features such as authentication and authorization were already supported. This recent addition makes the software better suited to publish a modern API on legacy systems (that run on MySQL, PostgreSQL or SQL Server). ...

Windows 10 professional supports full disk encryption with a PIN and a Trusted Platform Module (TPM) chip with it’s Bitlocker technology. If you don’t have (or believe in) TPM you can use either a pass-phrase or a USB startup key (file on a USB stick) to unlock your Bitlocker encrypted drive. When I apply full disk encryption on machines at the office it is to protect the data in case of computer theft. For machines that have a single user (me) I use a pass-phrase while for machines have multiple users I use a USB startup key. I carry the USB startup key on my key chain. Using a pass-phrase or USB startup key makes the confidentiality of the data on the system easier to understand and reason about, which attributes to real security. ...

Visual Studio Community 2022 is a very advanced IDE that has very good support for Visual Basic and the cross platform .NET 5. A C# programmer can choose to use Visual Studio Code, but that has no (language) support for Visual Basic. And since I was working on a Visual Basic application I was using Visual Studio Community as an IDE. This post explains the incompatibility between .NET 5 and a custom “Build Task” in Visual Studio Community’s build tool “MSBuild” (also applies to Visual Studio Professional). ...

I feel that using full disk encryption of laptops is a must. Not to protect against attacks with physical access (to the unencrypted boot loader or unprotected BIOS), but to avoid leaking data when the laptop is either lost or stolen. Entering a long passphrase is not very convenient, especially when you are sharing the device with multiple people. This post will explain how to unlock your computer by inserting a USB drive containing a key file, while still allowing to unlock using a passphrase. At the end of the post we describe how to conveniently hide the USB drive in Windows and Linux. ...

I feel that using full disk encryption of servers is a must. Not to protect against attacks with physical access (to the unencrypted boot loader or unprotected BIOS), but to avoid leaking data when a disk or computer is either stolen or replaced. But what do you do when you need to reboot your server and have no console access to enter the passphrase? This post will explain how to run a simple SSH server during the boot process to allow remote unlocking of the encrypted root partition. ...

Firefox has a bug in its HTTP3 implementation causing the browser to hang or use a lot of CPU. You can temporarily disable HTTP3 as a workaround for the problem. You need to go to “about:config” and set “network.http.http3.enabled” to “false”. In this post I’ll show you how to do this using a script on Linux. On Linux Disable HTTP3 (as a user preference): echo 'user_pref("network.http.http3.enabled", false);' | tee -a \ $(find ~/.mozilla -name prefs.js | sed "s/prefs/user/g" | xargs) Revert disabling HTTP3: ...

I was not very pleased to find that Ubuntu replaced “Software” application with “Snap Store” in the latest software updates. I don’t like snaps anyway, so this was a good reason to both get rid of all installed snaps. Also I removed the snap-store (which is a snap as well) and installed the old (Gnome) Software application. In this post I explain you how to do this. Step 1: Get rid of all installed “snaps” First lets see what snaps are in use: ...

I’m running a Ubuntu Server 20.04 LTS as (headless) KVM host for my Windows VMs. When somebody tries to connect to a powered off VM via RDP, I want that VM to power on. Fortunately all RDP connections are tunneled over SSH and the “auth.log” logs these failed attempts: Jan 2 08:41:53 bastion sshd[26080]: error: connect_to win10-vm1 port 3389: failed. Bash script that responds to this log line I wrote a small bash script that continuously reads lines from “/var/log/auth.log” and tries to start virtual machines (called “domains” in KVM) with the name of the host that the RDP connection (on port 3389) is made to. This is the script “wake-domain.sh”: ...