Getting the TOTP Key From the Guacamole Database

Guac’s great, but there’s no interface for changing the TOTP key once it’s set for a user.

I’m using docker-compose to build this, so your method might be different.

Connect to postgresql:

psql guacamole postgres

To make sure you’re in the right db, type \dt and hit enter; it should show you a bunch of tables starting with guacamole_.

This is the query; copypasta should do it.

select entity.name, uid.user_id, uattr.attribute_value 
from guacamole_user as uid, 
    guacamole_user_attribute as uattr, 
    guacamole_entity as entity 
where uattr.attribute_name='guac-totp-key-secret' 
    AND uid.entity_id=entity.entity_id
    AND uid.user_id=uattr.user_id;

And the result I get (I’ve only got one user)

[Read More]

Hexagonal Architecture in Netflix

This post on the Netflix Tech Blog about rebuilding one of their applications using Hexagonal Architecture patterns was a fascinating read. I’d never argue for every project to have a big universal interfacing method or connectors everywhere, but at some point you realise your platform needs it.

The idea of Hexagonal Architecture is to put inputs and outputs at the edges of our design. Business logic should not depend on whether we expose a REST or a GraphQL API, and it should not depend on where we get data from — a database, a microservice API exposed via gRPC or REST, or just a simple CSV file.

[Read More]

SK6812 LEDs, Tasmota and Home Assistant

Installing the requirements should be easy, just run:

$ pip3 install --user platformio

Truncated output should look like this:

Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Collecting platformio
  Downloading https://files.pythonhosted.org/packages/15/58/49a7134412731bd585f996d9c69e70f7eff0bacf795a7a55524dadf412cd/platformio-4.3.1.tar.gz (169kB)
    100% |████████████████████████████████| 174kB 1.2MB/s
<snip>
Successfully built platformio
Installing collected packages: bottle, marshmallow, pyelftools, semantic-version, tabulate, platformio
Successfully installed bottle-0.12.18 marshmallow-3.5.1 platformio-4.3.1 pyelftools-0.26 semantic-version-2.8.4 tabulate-0.8.7

To set up the drivers to use the SK6812 properly, there are a few configuration changes that need to be made. Open Tasmota/tasmota/my_user_config.h in a text editor and search for USE_WS2812. You’ll want to update the next few lines to match these. We’re going to make sure the DMA thing’s commented out (// at the start of the line), the hardware’s set correctly, and the colour type is set to GRBW, because SK6812s have their colours in a different order.

[Read More]

The Strangler, a method for migrating away from legacy systems

That’s a new name for it... the Strangler. Putting a smart load balancer between clients and your legacy application can help with migrations.

You no longer need to get the new system up to feature parity for clients to start using it! Instead, new features get routed to the new server, while old ones stay with the legacy system. When you do have time or a business reason to replace an existing feature the release is nothing more than a config change.

[Read More]

OPNsense to Mikrotik IPsec VPN

I needed a VPN from one house to another for running the Ubiquiti Unifi APs I’m setting up at RMB’s house… I used to have Mikrotiks at each end, so that was a fairly simple setup. This time it was from Mikrotik at one end to OPNsense at the other. IPsec is … fun sometimes.

Here’s a diagram of the layout. A /16 at each house, connected over the internet.

+---------------+   +---------+   +----------+   +---------+   +---------------+
| Local Network +---+ House 1 +---+ Internet |   | House 2 |   | Local Network |
| 10.0.0.0/16   |   | 5.5.5.5 |   |          +---+ 9.9.9.9 +---+ 10.1.0.0/16   |
+---------------+   +---------+   +----------+   +---------+   +---------------+

Configuring OPNsense

There are a few steps to this one.

[Read More]

Marketing and Corporations, Always Ruining Society

The Woman Shaking up the Diamond Industry, a recent article in the New Yorker, reminds me of how terribly broken our society is due to corporate greed.

Talking about N. W. Ayer & Son, the company that De Beers hired to make diamonds more alluring to the market in the United States:

One Ayer copywriter, Frances Gerety, recalled that women formerly wanted their future husbands to spend money on “a washing machine, or a new car, anything but an engagement ring,” which was considered “money down the drain.” Gerety changed this perception by creating the slogan “A Diamond Is Forever” for De Beers. Ayer loaned extravagant diamond jewelry to celebrities; as one of the company’s publicists put it, “The big ones sell the little ones.” Demand grew, and so did supply. In the nineteen-twenties, about three million carats of rough diamonds were produced worldwide every year; by the end of the seventies, the number had climbed to some fifty million carats.

[Read More]

HBR on the Worst Type of Leader

I won’t spoil the ending, but this Harvard Business Review article on one of the worst and most draining types of leadership explains why I left my last work.

A young friend recently remarked that the worst boss he ever had would provide him with feedback that always consisted of “You’re doing a great job.” But they both knew it wasn’t true — the organization was in disarray, turnover was excessive, and customers were not happy. My friend was giving it his all, but he needed more support and better feedback than he received. He wanted a leader who would be around when he needed them, and who would give him substantive advice, not platitudes. As a measure of his frustration, he said, “I would rather have had a boss who yelled at me or made unrealistic demands than this one, who provided empty praise.”

[Read More]

Dodo, FTTC, Mikrotik and PPPoE

A family member has been using Dodo’s ADSL2+ service for a long time and it worked fine for their needs. Recently (before the rest of us, thanks Turnbull and co-conspirators!) she was upgraded to the Fibre To The Curb system, which meant a few tweaks. They sent her a shiny Huawei HG659, which I had no intentions of using. The Mikrotik in place was doing the job fine, took up less space, and maintaining it would mean nothing else had to be reconfigured.

[Read More]

Simple Overcast Stats

I use Overcast to listen to all my podcasts; it’s a great app by Marco Arment. Smart Speed shortens the listen time by shortening longish silences in speech like magic.

I’m a data nerd, and the app shows how many hours Smart Speed has saved (281 hours) but not the number of podcasts I’ve got outstanding or how many I’ve listened to.

You can export the OPML feed for your account from the accounts page, including the “All Data” feed, which is handy for summarising the data I want. It’s an XML file, and I’m a Python nerd, so I used the untangle library to do it. I’m sure there are better ways to do it, but this is a quick hack.

[Read More]

2020 01 13 CrowdStrike and Broken Network Filter Drivers

  • run command prompt as admin

  • “c:”

  • “cd c:\”

  • “netsh wfp show filters”

  • This’ll create “filters.xml”

  • “notepad filters.xml”

  • ctrl-f and find “CrowdStrike WFP Provider”

  • The “providerKey” will be a GUID for the filter - an example is the following:

  • Open registry editor as admin

  • Browse to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BFE\Parameters\Policy\Persistent\Provider - or search for a “value” matching the providerKey above (e.g. “{dd00a9d2-2593-497a-b84e-a1c47ab952d5}”)

  • Back up the registry folder - right click “provider” and click export. Save this to a file.

    [Read More]