Get Hosted Jira and Confluence for Free

Atlassian’s collaboration tools Jira and Confluence are among the most popular tools for managing software projects and group knowledge. Learn how to get access to these great tools for free.

For the longest time, Atlassian charged $10 per month per application in their “Standard” tier. While this is basically nothing for an established company, it is still discouraging for startups and non-profits, since it adds up to a bill of $240 per year for the popular combination Jira + Confluence.

However, Atlassian changed their strategy. Apparently, they are no longer interested in startups getting hooked on free alternatives. There is now a “Free” tier for up to 10 users with a slightly reduced feature set available for both Jira and Confluence:


GitLab: Authenticate Using Access Token

GitLab lets you create personal access tokens to authenticate against Git over HTTPS. Using these tokens is a secure alternative to storing your GitLab password on a machine that needs access to your repository. It is also the only way to automate repository access when two-factor authentication is enabled.

However, GitLab does a poor job documenting how you actually use these tokens.

Create an Access Token

Navigate to “User Settings” > “Personal Access Tokens” and enter a name and, optionally, an expiration date:

Read and write access to the repository should be sufficient for many use cases, but you can also pick additional scopes. Create and copy the token and save it in a secure location (ideally, in your password manager).

Using the Token at the CLI

This is the crucial piece of information missing in the documentation at this time: You can use the token as the password for the fictional “oauth2” user in CLI commands.

For example, to clone your repository:

git clone https://oauth2:1AbCDeF_g2HIJKLMNOPqr@gitlab.com/yourusername/project.git project

Configure the Token for an Existing Repository

The authentication method of an existing checked-out git project is defined in the .git/config file. If you want to use an access token instead of SSH or HTTPS auth for such an existing project, edit this file as follows. Keep in mind that the token is then stored in plain text in .git/config, so anyone who can read that file can use it:

...
[remote "origin"]
        url = https://oauth2:1AbCDeF_g2HIJKLMNOPqr@gitlab.com/yourusername/project.git
        fetch = +refs/heads/*:refs/remotes/origin/*
...
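
Because the token ends up in plain text inside .git/config, it is worth being able to find such entries again. The following is an added example, not part of the original post: a small POSIX shell audit that lists remote URLs carrying an embedded secret (masked in the output) and shows the same URL with the credentials stripped. The function names and the sample config are constructed for illustration; the token is the placeholder used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a git config file for
# access tokens embedded in remote URLs.

# Print every url/pushurl value of the form scheme://user:secret@host/...
# with the secret masked. Exit status: 0 = findings, 1 = nothing found.
find_embedded_credentials() {
    hits=$(sed -nE \
        's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*([A-Za-z][A-Za-z0-9+.-]*://[^/:@]*):[^/@]+@#\2:<redacted>@#p' \
        "$1")
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Remove the "user:secret@" part so the URL can be stored without a secret.
strip_userinfo() {
    printf '%s\n' "$1" | sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1#'
}

# Constructed sample input: the remote from the post plus two clean remotes.
write_sample_config() {
    cat > "$1" <<'EOF'
[remote "origin"]
        url = https://oauth2:1AbCDeF_g2HIJKLMNOPqr@gitlab.com/yourusername/project.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
        url = git@gitlab.com:yourusername/project.git
[remote "upstream"]
        url = https://gitlab.com/yourusername/project.git
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
find_embedded_credentials "$sample"   # only the "origin" URL is reported
strip_userinfo "https://oauth2:1AbCDeF_g2HIJKLMNOPqr@gitlab.com/yourusername/project.git"
rm -f "$sample"
```

A stripped URL can be written back with git remote set-url, and the token can then be supplied through a git credential helper instead of the config file.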

 

Git: Overwriting ‘master’ with Another Branch

In many git workflows, all changes to your code should eventually end up in the master branch. You may also have a develop branch which contains code changes that are not ready for production deployment yet.

For some reason or another, you may end up in a situation where your develop has changed so much that you can no longer easily merge it into master. Most of those reasons suggest bad practices, but such a situation may also arise due to changes introduced into your git workflow or deployment process.

One way out of this dilemma is to completely replace master with the current develop. There are two ways to achieve that.

Merge Strategy ‘Ours’

You can use the following commands to merge develop into master using the ‘ours’ merge strategy:

git checkout develop
git merge -s ours master
git checkout master
git merge develop

The resulting master should now contain the contents of your previous develop and ignore all changes in master.

This method’s advantage is that you get a clean merge commit and other developers using those two branches are less likely to experience problems when merging their feature branches.

The downside is that this merge might fail if your develop and master have diverged to a large degree.
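
To see what the four commands leave behind, the following added example (not part of the original post) replays them in a throwaway repository and checks three things: the file content on master, that master and develop point to the same tree, and that the old master commit is still reachable in history. The repository, file name and commit identity are constructed for the demonstration; git must be installed.

```shell
#!/bin/sh
# Added example (not from the original post): replay the 'ours' procedure
# in a throwaway repository and report what ends up on master.

ours_merge_demo() (
    repo=$(mktemp -d) || exit 1
    cd "$repo" || exit 1
    # Constructed identity so commits work without a global git config.
    GIT_AUTHOR_NAME=demo; GIT_AUTHOR_EMAIL=demo@example.invalid
    GIT_COMMITTER_NAME=demo; GIT_COMMITTER_EMAIL=demo@example.invalid
    export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL

    git init -q . >/dev/null
    git symbolic-ref HEAD refs/heads/master
    echo "base" > app.txt
    git add app.txt
    git commit -q -m "base"
    git checkout -q -b develop
    echo "develop rewrite" > app.txt
    git commit -q -am "rewrite on develop"
    git checkout -q master
    echo "master hotfix" > app.txt          # same line changed on both branches
    git commit -q -am "hotfix on master"
    old_master=$(git rev-parse master)

    # The four commands from the post (-m avoids opening an editor).
    git checkout -q develop
    git merge -q -s ours -m "Replace master with develop" master
    git checkout -q master
    git merge -q develop >/dev/null

    result="content=$(cat app.txt)"
    [ "$(git rev-parse 'master^{tree}')" = "$(git rev-parse 'develop^{tree}')" ] \
        && result="$result trees=identical"
    git merge-base --is-ancestor "$old_master" master \
        && result="$result old-master=reachable"
    cd / && rm -rf "$repo"
    printf '%s\n' "$result"
)

ours_merge_demo
```

The old master commit staying reachable is the difference to the force push described next, where commits that exist only on master are erased.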

Force Pushing

A more brutal alternative is to force push the develop branch under a different name:

git push -f origin develop:master

Using the -f flag, your previous master is completely overwritten with develop, including its history. Warning: this erases all commits from the master branch that are not also in the develop branch.

This solution may be appropriate in your case if you have a small number of other branches and/or other developers. The downside of this approach is that all developers who already have a local copy of the master branch will need to perform a git reset --hard.

Force pushing to the master branch might fail if you use GitLab’s “Protected Branches” feature. You can either make sure your user has proper permissions or disable the protection for a few seconds until your changes are saved.

Get Two Free Compute Units from Oracle Cloud

Oracle is currently offering an always free tier of its compute cloud. In this article, I will show how to register an account, add the free tier units and connect to them via PuTTY on Windows.

What is included?

While the offer is actually free for an unlimited time, the following restrictions apply:

  • 2 database services are included (ATP serverless and ADW) limited to 1 OCPU and up to 20 GB
  • 2 compute services (1 GB RAM and 1/8 OCPU each)
  • a valid credit card and phone number are required for the registration process
  • 250 EUR of cloud credits are also included but must be used in the first 30 days

Getting started

Browse to https://www.oracle.com/cloud/free/ and register an account. After login, you will be welcomed by the following dashboard:

Navigate to “Create a VM instance”, enter a name (or leave the default) and choose your favourite operating system. However, only a few of them are eligible for the free tier:

Before hitting the “Create” button, you need to set up your SSH authentication.

Improve GitLab Pipeline Performance with DAGs

Directed Acyclic Graph (DAG) style dependencies between individual stages in a continuous deployment pipeline allow for a more flexible workflow and better utilize available computational resources.

Imagine a simple pipeline consisting of three jobs:

  1. A syntax check
  2. A code complexity check
  3. Running all unit tests

You may be tempted to group those in two stages: A) Build (consisting of jobs 1 and 2) and B) Test (consisting of the unit tests):

Traditional Sequences

In plain old GitLab pipelines, you would define that stage A needs to execute before stage B and everyone would be happy.

Except if the syntax check is quite fast (let’s assume 30 seconds) while the code complexity check may be very slow (say 4 minutes). Then, the unit tests need to wait a total of max(30 sec, 4 min) = 4 minutes before they can be executed, resulting in an overall slow pipeline:


iPhone Hacks – Should Apple Have Seen It Coming?

In another article I summarized the series of events that led to a potentially huge number of iOS devices being taken over by malicious actors. While more and more information about these incidents is being revealed, one particularly interesting question should be raised: To what extent is Apple to blame?

Fast Reaction

Let’s start with the good news. As Project Zero researcher Ian Beer writes, they informed Apple about two of the exploits on February 1st, 2019. Apple reacted within six days and released an emergency update (iOS 12.4.1) on February 7th. This short reaction time is exemplary (especially compared to Microsoft – it recently took them more than 90 days to fix a critical Windows vulnerability reported by Project Zero, which resulted in Google disclosing the vulnerability as previously announced).

Sloppy Quality Assurance?

However, this is where Apple’s exemplary behavior ends. Again according to Ian Beer, Project Zero has identified severe mistakes made by Apple that allowed the attackers to circumvent their security. Since Apple declined to comment on the current issue of exploits, his and his colleagues’ views are taken as the only reliable source of knowledge here.


11 Answers to the Latest Apple iOS Exploits

On August 29th 2019, the British security researcher Ian Beer (@i41nbeer) from Project Zero at Google published multiple blog posts about a series of iOS exploits. According to their findings, those exploits have been used to completely take over iOS devices. This article provides focused answers to eleven questions about this series of events.

What is the overall impact of this attack?

If

  • you used an iOS device (iPhone, iPad, …) in the last two years and
  • visited a certain hacked site (more on that later)

your device could potentially have been taken over by the attacker.

What does “taken over” mean?

Complete access to all your data, including

  • All messages (even encrypted ones, even from WhatsApp and iMessage – of course also unencrypted texts)
  • Contacts
  • Passwords (iOS Keychain)
  • Emails
  • Third-Party Application Data (Facebook, Telegram, Skype, …)
  • Locations (via GPS)

What was the attackers’ goal?


Installing Kali Linux: Fix “Couldn’t mount CD ROM” error

This is going to be a short one. You may be experiencing trouble when installing Kali Linux via a USB flash drive:

Your installation CD-ROM couldn't be mounted. This probably means that the CD-ROM was not in the drive. If so you can insert it and try again.

You may be inclined to waste a few hours following one of the countless articles suggesting to manually open a shell, change the way your USB stick is mounted and try to fix the issue that way.

However, chances are there is a simpler solution in case you are using the popular “LiLi USB Creator” tool on Windows for preparing your flash drives. This solution is: forget LiLi USB Creator and use Win32 Disk Imager instead. Everything will work fine, you can thank me later.

Send JSON objects via POST to Spring Boot Controllers

Creating and persisting business objects using Spring Boot is amazingly easy. Assume you create an API for simple CRUD methods and want to create an entity based on data entered by your frontend users. In the old times, you would probably populate several POST fields in a key-value style and create your business object manually from those fields.

Spring Boot offers an easier solution. As long as your internal data model equals the frontend’s data model, you can use @Valid on @RequestBody controller method arguments to automatically create the object from a JSON-serialized request and execute the necessary validation logic.

Use Ansible to Deploy Software from git

Imagine you work on an application on a development server for several months until it is time to deploy it to a production system for the first time. Chances are, there are several necessary configuration tasks just waiting to be forgotten: firewall permissions, specific software libraries, file permissions and so on.

Ansible offers a reproducible and automatable way to take care of these configurational changes for you – and the beauty is: it does not depend on a specific Linux flavour and it works both for single-machine deployments and distributed systems.

If you have never wondered why your application exits with an HTTP error until you noticed that the cache folder did not have the correct permissions, stop reading; if you have never forgotten which libraries you had to apt-get install before the Makefile finally completed without errors, this is not the guide for you. Otherwise, see how a simple 50-line yml file can take care of your deployment challenges.