Friday, October 31, 2014

Thread safe concurrent svn update

Subversion (svn) update is not thread safe which means you cannot script an update that could interfere with some other update process or otherwise you will face:
svn: Working copy '.' locked svn: run 'svn cleanup' to remove locks (type 'svn help cleanup' for details)

Thursday, October 30, 2014

Kanban as a driver for continuous delivery

Our Kanban journey so far has been a rewarding experience. You can check my presentation on Continuous delivery to learn why and vote for yet another presentation on the subject in the upcoming 2014 ITPalooza event. The more likes I get the better chances I have to win a spot for the presentation.

Tuesday, October 28, 2014

On security: Avoid weak SSL v3

SSL v3 is a weak protocol we all use without noticing when we access anything “secure” on the web including native applications in our phones.

Applications providers should remove support for it and users/help desk personnel should update browsers. Failure to do this will add to chances to get any of your online accounts compromised.

What steps should you follow to protect yourself?
  1. Go to https://dev.ssllabs.com/ssltest/viewMyClient.html to understand if your browser is secure
  2. If you get a message like "Your user agent is vulnerable. You should disable SSL 3.” then follow the instructions from https://zmap.io/sslv3/browsers.html

Monday, October 27, 2014

On security: Test if your site is still using weak SHA1 from command line

Security wise you should check if your website is still using the weak SHA1 algorithm to sign your domain certificate. Marketing wise as well. With Chrome being one of the major web browsers in use out there your users will feel insecure very soon in your website unless you sign your certificate with the sha256 hash algorithm.

Google has announced Chrome will start warning users who try to visit websites that still use sha1 signature algorithm to generate their SSL certificates.

You can of course use https://www.ssllabs.com/ssltest/analyze.html?d=$domain to test those sites available to the wild. For intranet though you need a different tool which happens to work of course also for external sites:

Wednesday, October 22, 2014

On security Automate sftp when public key authentication is not available

The real question is why public key authentication is not available. Storing passwords and maintaining them secure is a difficult task specially when those are supposed to be used from automated code.

For some reason you still find servers and clients (which we do not control) that accept only passwords for authentication. My advice is educate but in many cases you simply are out of business if you do not "comply". Interesting ...

If you must connect using password then the below should help. Suppose you have a batch file with sftp commands for example a simple dir command (and others). You can send those to the lftp command: Use this at your own risk. Do not use it before communicating the risks.

Wednesday, October 08, 2014

svn: E175013: Access to '/some/dir' forbidden

The below error would look like lack of permissions however permissions hadn't change neither the user desktop environment where credentials were saved:
svn: E175013: Access to '/some/dir' forbidden
Looking inside "auth/svn.simple/*" I found a password that I tried but did not work. Password was incorrect and the easiest way to correct the situation is to force to connect with the user again, password will be prompted and after supplying it the svn.simple/* file will get updated:
svn --username myuser mkdir http......

Followers