Reverse engineering the Nest home/away API

Background

A while ago I purchased a Nest camera because I liked the idea of only having to provide power and a WiFi connection to get a nice security system.

The fact that you could control it with Works with Nest (their open API) was a major factor in that decision.

Then Google bought Nest, and disabled access for users who didn’t sign up in time (including me).

Read more →

Tracking down an old OkHttp regression

Introduction

While it’s pretty easy to look up bugs and the corresponding bug-fix for open source projects, you rarely see the process that went into it.

I think it’s in the benefit of everyone that we also share the how, not just the what, because at the worst, you just read something you already knew, but at the best, you learn about new approaches/tools/thinking.

Context

I found some spare time to maintain one of my side projects, Graticule.

After bringing the dependencies up to date, I started testing the new build on some older Android phones that I keep laying around (an approach that has caught more bugs than just limiting myself to emulators).

On one of them, specifically an Alcatel OT 918 (Android 2.3.6 / API 10), the SSL handshake failed.

Read more →

What does StackOverflow’s personalized prediction data think of you?

While reading David’s “One year as a Data Scientist at Stack Overflow”, I’ve learned about one of their products: Providence (a system for matching users to jobs they’ll be interested in).

Not sure why I’ve never heard about it before, but anyway, I was curious to see what it learned about me.

Luckily that wasn’t very hard, since they offer a way to download your personal providence data.

Read more →

Work-around for when keyserver.ubuntu.com is down

If you try to add an ubuntu PPA using add-apt-repository, e.g.:

sudo add-apt-repository ppa:webupd8team/java

And you get the following error:

[...]  
gpg: keyring `/tmp/tmpG9Z_HY/secring.gpg' created  
gpg: keyring `/tmp/tmpG9Z_HY/pubring.gpg' created  
gpg: requesting key EEA14886 from hkp server keyserver.ubuntu.com  
?: **keyserver.ubuntu.com: Connection refused**  
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused  
gpg: no valid OpenPGP data found.  
gpg: Total number processed: 0  
recv failed
Read more →

Creating a tailable cursor on MongoDB 3 with the Java driver API

Having recently migrated Graticule’s backend to MongoDB 3 (which was surprisingly easy), I’ve noticed a lot of the methods used in the Java driver have been deprecated.

Most of them were easy to figure out, but tailable cursors presented a bit of a challenge.

Read more →

Quick fix for CVE-2015-1328

As you may have noticed, a rather serious Ubuntu privilege escalation exploit has been disclosed today:

CVE-2015-1328: incorrect permission checks in overlayfs, ubuntu local root

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04 [1].

Read more →

Setting up gitolite on Ubuntu 12.04 LTS

Introduction

In this post we will be looking at how to self-host git using gitolite.

Read more →