I have my own Gitlab server where I have all the code I write. Today I was trying to check something fast in one of the source files on the server over the Web frontend for Gitlab and I couldn’t get file to show.
All I would get is following error message.
Interesting. I tried Web IDE editor and I would get the same thing, just the message loading Web IDE editor and nothing would happen.
Next obvious step was to check console in Developer tools in Chrome. What I found there was an interesting error.
The problem is net::ERR:SPDY_PROTOCOL_ERROR, and as Gitlab server is behind Nginx server which acts as reverse proxy for it, this error can only come from it. The next step was to check error logs on the Nginx server.
So error is obviously permissions based, Nginx server is caching .js and .css content but it doesn’t have permissions to access cached content. Solution was simple, just allow nginx to access all of the content in that folder and VOILA, everything works as it should.
Today I did a big mistake. I programmed wrong fuses on ATmega328P. Of course it was the fuse that sets external oscillator value instead of internal one.
I tried to fix it with STK500 programmer and Atmel Studio but without any luck. Then I started searching for solutions and I found one that worked in the end.
If you overload external oscillator with high frequency, you will be able to erase chip, and erase fuse settings. First I tried this with STK500 and Atmel Studio but without any success.
Then I tried small USBASP programmer and eXtreme Burner – AVR software and it could detect chip but not erase it. Because I supplied oscillator clock from signal generator I was able to change frequencies and to try to find which one would work. I have tested first clock simulation on 3-10KHz, but the one that worked for me was 4MHz with 5V amplitude, square wave. I was able to erase chip and then program it the right away. Just connect signal from signal generator to XTAL1 pin and you are good to go.
Of course, this took some time to do because of the following:
USBASP that I had was China copy, that Windows couldn’t recognize so I had to reprogram it with STK500
Then Windows wouldn’t recognize it or allow me to install driver because it wasn’t signed
To solve this press shift and restart Windows
On boot menu chose that you want advanced options
Then select startup settings and restart
When Windows restarts it will ask you which option do you want to enable or disable
Select “7. Disable driver signature enforcement”
Windows will boot and you can install driver that is not signed
You need to provide external power supply to the ATmega chip
This post is more like a rant then a post but it is what it is.
In everyday work and life I keep finding people that think that policies are good to have but not so good to follow up and I’m really struggling to comprehend that kind of thinking, especially when it’s about security. I don’t get it why is it so hard to realize one simple fact, you don’t compromise with security.
Yesterday I have started building Cyclone PCB factory, a small PCB cnc machine with 3D printed parts. I have browsed a bit trough my parts stock at home that I have after lot of building and rebuilding of different kind of 3d printers and found that I almost have everything needed and everything that I don’t have is ordered from Aliexpress so I’ll write updates as the project goes.
Few weeks ago, Troy Hunt has released password hash dumps from haveibeenpwned.com site. Dumps are large, splitted to 3 parts and contains 324+ millions of hashes. In this blog post I will show you how to integrate that large hash dump with Microsoft Active Directory and enable DC servers to check against that list before allowing user to change their password.
Microsoft has one feature that has been present since Windows server 2003 and it’s called password filters. It’s not often used as it’s meant to be used as an additional method for adding more complexity to password requirements in larger organisations. The smaller organisations and companies are sticking with the rules that are already present in Windows (both server and workstations), which are:
enforce password history
minimum password age
maximum password age
minimum password length
password must meet complexity requirements
store passwords using reverse encryption
There are some commercial solutions that can add more complex requirements to this list, but price tag is quite high. As soon as you see “contact us for price” you can count with that.
Today I was trying to reinstall an older Mac Mini and installation keep failing with error: “This copy of the Install macOS Sierra.app application is damaged, and can’t be used to install macOS.”
I have tried Yosemite, High Sierra beta (the latest one b6) but still the same error happened so I started wondering why it would fail. One look in the terminal on date and time showed that Mini thought it’s 2001 so package couldn’t be verified and thus installed as verification failed.
So I have decided to start blogging again, to write down some of stuff I do, some of things I like, my experiments and projects, security, programming stuff, operating systems, sysadmin stuff, tips and tricks, etc.
Let’s hope that I continue this time to more than few posts :-/
In case you are looking for older posts, they are here.