Background

A while ago I purchased a Nest camera because I liked the idea of only having to provide power and a WiFi connection to get a nice security system.

The fact that you could control it with Works with Nest (their open API) was a major factor in that decision.

Then Google bought Nest, and disabled access for users who didn’t sign up in time (including me).

Introduction

While it’s pretty easy to look up bugs and the corresponding bug-fix for open source projects, you rarely see the process that went into it.

I think it’s in the benefit of everyone that we also share the how, not just the what, because at the worst, you just read something you already knew, but at the best, you learn about new approaches/tools/thinking.

Context

I found some spare time to maintain one of my side projects, Graticule.

After bringing the dependencies up to date, I started testing the new build on some older Android phones that I keep laying around (an approach that has caught more bugs than just limiting myself to emulators).

On one of them, specifically an Alcatel OT 918 (Android 2.3.6 / API 10), the SSL handshake failed.

While reading David’s “One year as a Data Scientist at Stack Overflow”, I’ve learned about one of their products: Providence (a system for matching users to jobs they’ll be interested in).

Not sure why I’ve never heard about it before, but anyway, I was curious to see what it learned about me.

Luckily that wasn’t very hard, since they offer a way to download your personal providence data.

Dacă ai PFA și ai primit decizia de impunere, probabil ai observat că datele necesare efectuării plății obligațiilor fiscale sunt incluse foarte elegant spre finalul deciziei:

If you try to add an ubuntu PPA using add-apt-repository, e.g.:

sudo add-apt-repository ppa:webupd8team/java

And you get the following error:

[...]  
gpg: keyring `/tmp/tmpG9Z_HY/secring.gpg' created  
gpg: keyring `/tmp/tmpG9Z_HY/pubring.gpg' created  
gpg: requesting key EEA14886 from hkp server keyserver.ubuntu.com  
?: **keyserver.ubuntu.com: Connection refused**  
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused  
gpg: no valid OpenPGP data found.  
gpg: Total number processed: 0  
recv failed

Having recently migrated Graticule’s backend to MongoDB 3 (which was surprisingly easy), I’ve noticed a lot of the methods used in the Java driver have been deprecated.

Most of them were easy to figure out, but tailable cursors presented a bit of a challenge.

As you may have noticed, a rather serious Ubuntu privilege escalation exploit has been disclosed today:

CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04 [1].

Introducere

Folosind date publice, vom efectua o analiză asupra parcului auto din România.

Introduction

In this post we will be looking at how to self-host git using gitolite.