Amar Kulo

Me and my unorganized thoughts

Disable escape shortcut to quit fullscreen on MacOS

If you have been annoyed like I did with Safari exiting full screen when you press escape key to cancel some dialog, there is easy solution to your problems.

Download karabiner-elements and install it. Karabiner Elements allow you to do simple and complex key modifications per key or per external keyboard or by any other criteria you might have.

After you install it, run it and to got Complex modifications tab. In the lower left corner press on Add rule button and then on Import more rules from the Internet button. You will be guided to the page where you can find all different kind of complex modifications you might think of. The one that you are interested at the moment is Application specific which there are 47 at the moment.

Application specific complex modifications

Expand this section and find following modification:

Don’t exit fullscreen when pressin ESC in Safari

Press import button and Safari will download it and automatically import it to Karabiner Elements.

Press Import button to install modification and you are done. Now we need to enable modification as well. On next screen you will have list of complex modifications and newly imported one should be there. To enable it, just press Enable button and that’s it!

Now list should look like this. Modification is imported and enabled and you can test it now in Safari. When you press Escape nothing should happen.

Karabiner Elements with modification installed.

Now you can close Karabiner Elements (it will continue running in background) and enjoy your full-screen Safari.

How to fix “Error loading viewer” error and Web ide editor not working on own hosted Gitlab server

I have my own Gitlab server where I have all the code I write. Today I was trying to check something fast in one of the source files on the server over the Web frontend for Gitlab and I couldn’t get file to show. 

All I would get is following error message.

Interesting. I tried Web IDE editor and I would get the same thing, just the message loading Web IDE editor and nothing would happen.

Next obvious step was to check console in Developer tools in Chrome. What I found there was an interesting error.

The problem is net::ERR:SPDY_PROTOCOL_ERROR, and as Gitlab server is behind Nginx server which acts as reverse proxy for it, this error can only come from it. The next step was to check error logs on the Nginx server.

2018/12/10 11:51:34 [crit] 1582#1582: *81392 open() "/var/cache/nginx/proxy_temp/1/01/0000000011" failed (13: Permission denied) while reading upstream, client:, server: git.server.address, request: "GET /assets/webpack/pages.ide.0f5d4844.chunk.js HTTP/2.0", upstream: ...

So error is obviously permissions based, Nginx server is caching .js and .css content but it doesn’t have permissions to access cached content. Solution was simple, just allow nginx to access all of the content in that folder and VOILA, everything works as it should.

sudo chown -R nginx:nginx /var/cache/nginx/

Recovering ATmega with wrongly programmed fuses

Today I did a big mistake. I programmed wrong fuses on ATmega328P. Of course it was the fuse that sets external oscillator value instead of internal one.

I tried to fix it with STK500 programmer and Atmel Studio but without any luck. Then I started searching for solutions and I found one that worked in the end.

If you overload external oscillator with high frequency, you will be able to erase chip, and erase fuse settings. First I tried this with STK500 and Atmel Studio but without any success.

Then I tried small USBASP programmer and eXtreme Burner – AVR software and it could detect chip but not erase it. Because I supplied oscillator clock from signal generator I was able to change frequencies and to try to find which one would work. I have tested first clock simulation on 3-10KHz, but the one that worked for me was 4MHz with 5V amplitude, square wave. I was able to erase chip and then program it the right away. Just connect signal from signal generator to XTAL1 pin and you are good to go.

Of course, this took some time to do because of the following:

  • USBASP that I had was China copy, that Windows couldn’t recognize so I had to reprogram it with STK500
  • Then Windows wouldn’t recognize it or allow me to install driver because it wasn’t signed
    • To solve this press shift and restart Windows
    • On boot menu chose that you want advanced options
    • Then select startup settings and restart
    • When Windows restarts it will ask you which option do you want to enable or disable
    • Select “7. Disable driver signature enforcement”
    • Windows will boot and you can install driver that is not signed
  • You need to provide external power supply to the ATmega chip

What’s the point of security policies if you are not going to follow them up?

This post is more like a rant then a post but it is what it is.

In everyday work and life I keep finding people that think that policies are good to have but not so good to follow up and I’m really struggling to comprehend that kind of thinking, especially when it’s about security. I don’t get it why is it so hard to realize one simple fact, you don’t compromise with security. 

Continue reading

Project log: Cyclone PCB factory – part 1

Yesterday I have started building Cyclone PCB factory, a small PCB cnc machine with 3D printed parts. I have browsed a bit trough my parts stock at home that I have after lot of building and rebuilding of different kind of 3d printers and found that I almost have everything needed and everything that I don’t have is ordered from Aliexpress so I’ll write updates as the project goes.

Parts that I have right now:

  • Ramps and Arduino mega
  • stepper motor drivers
  • 1 NEMA 17 motor
  • threaded rods
  • B608ZZ bearings
  • washers, nuts and screws
  • power supply that can deliver 12V
  • 3d printer to print out parts

Continue reading

Integrating database of pwned password hashes with Microsoft AD

Few weeks ago, Troy Hunt has released password hash dumps from site. Dumps are large, splitted to 3 parts and contains 324+ millions of hashes. In this blog post I will show you how to integrate that large hash dump with Microsoft Active Directory and enable DC servers to check against that list before allowing user to change their password.

Microsoft has one feature that has been present since Windows server 2003 and it’s called password filters. It’s not often used as it’s meant to be used as an additional method for adding more complexity to password requirements in larger organisations. The smaller organisations and companies are sticking with the rules that are already present in Windows (both server and workstations), which are:

  • enforce password history
  • minimum password age
  • maximum password age
  • minimum password length
  • password must meet complexity requirements
  • store passwords using reverse encryption

There are some commercial solutions that can add more complex requirements to this list, but price tag is quite high. As soon as you see “contact us for price” you can count with that.

Continue reading

How to reinstall macOS when you get “application is damaged” error

Today I was trying to reinstall an older Mac Mini and installation keep failing with error: “This copy of the Install macOS application is damaged, and can’t be used to install macOS.”

I have tried Yosemite, High Sierra beta (the latest one b6) but still the same error happened so I started wondering why it would fail. One look in the terminal on date and time showed that Mini thought it’s 2001 so package couldn’t be verified and thus installed as verification failed.

Continue reading

Here we go again

So  I have decided to start blogging again, to write down some of stuff I do, some of things I like, my experiments and projects, security, programming stuff, operating systems, sysadmin stuff, tips and tricks,  etc.

Let’s hope that I continue this time to more than few posts :-/


In case you are looking for older posts, they are here.

© 2022 Amar Kulo

Theme by Anders NorenUp ↑