While reading Alex Chan's post about experimenting with the Flickr API, I noticed the call out to keyring by Jason Coombs for accessing the macOS Keychain. The built-in app: security The built-in way to access the keychain from the command line is /usr/bin/security: To create a password: $ security add-generic-password -s FlickrAPI -a rodeo -w redacted-key Note that you need to include the password on the command line in clear test, so it's now in your history unless you remembered to include a space before security. Then, to retrieve it: $ security find-generic-password -s FlickrAPI -a rod ..read more

I've been following the work of Matt Gemmell for years. His techno-thriller Kestrel series a great fun to read and I recommend that you read them if that's your thing. He also writes short stories, one every week. These are excellent. They are free and as they are short, they don't take long to read at all. A wonderful break from the reality of the world of work, I enjoy reading each week's story with a cup of tea. This week's story, The Pathogen is as good an introduction to the One Upon A Time collective as any I've come across. At less than 1000 words, I was gripped and very much enjoyed it ..read more

With some commercial projects, it can be useful to know that all your dependencies have licences that your organisation deems acceptable. I had this requirement for a few clients now and came up with this script that we ran as part of our CI which would then fail if a dependency used a license that wasn't allowed. This proved to be reasonably easy as composer licenses will provide a list of all packages with their license, and more usefully, the -f json switch will output the list as JSON. With a machine-readable format, the script just came together! At some point, we discovered that we neede ..read more

I install Python apps on my Mac using pipx like this: pipx install rst2pdf This will then install rst2pdf into its own isolated environment so that its dependencies do not affect and are not affected by any other Python app I have installed. Internally, it creates a venv at /.local/pipx/venvs/rst2pdf with symlinks to the currently installed python in the bin directory: lrwxrwxr-x@ 1 rob staff 10 24 May 2023 python -> python3.11 lrwxrwxr-x@ 1 rob staff 10 24 May 2023 python3 -> python3.11 lrwxrwxr-x@ 1 rob staff 96 24 May 2023 python3.11 -> /opt/homebrew/Cellar ..read more

In order to verify a JWT created with an asymmetric key, the verifier needs to get the correct public key. One way to do is described in RFC7517 which describes the JSON Web Key format. Within the header of the JWT there is a kid property which is the key ID which is then used to find the correct key within a list provided at the /.well-known/jwks.json endpoint. The JWT header therefore looks something like this: { "alg" : "RS256", "kid" : "6eaf334518784ff392c3123b41ae49f5", "typ" : "JWT" } And the jwks.json is structured something like this: { "keys": [ { "alg ..read more

The most common use of JWTs is as an authentication token, usually within an OAuth2 workflow. Creating these tokens is part and parcel of the authentication library that you use. I recently had a requirement to use a JWT independent of authentication and these are some notes on what I learned when researching with Lcobucci\JWT. Make up of a JWT To really understand JWTs, read RFC7519. For a more readable introduction, read the one on jwt.io. Also, JWT is pronounced "jot". The most important thing about a JWT is that it contains data and a signature. The signature allows you to verify that the ..read more

One annoyance I had with my external USB hard drives is that they weren't sleeping when idle which makes them noisy. We can't have that! My first port of call was hdparm and its -S parameter: sudo hdparm -S 60 /dev/sdb However this didn't help. Fortunately, I found hd-idle which worked! After installing, you need to edit /etc/default/hd-idle and change the HD_IDLE_OPTS setting from -h to whatever you need. For me, I have set: HD_IDLE_OPTS="-i 0 -a sdb -i 60 -a sdc -i 60" These parameters are: -i 0: This first -i sets the idle timeout for all drives. 0 means no timeout which is what I want f ..read more

I recently added a second SSD to my Linux server and had to look up how to format it and set it up, having not taken notes for the first one. These are the notes I took the second time. This is all done from the command line and the monospace text is to be typed directly – though change the identifiers if requried. sudo lshw -C disk to confirm disk is seen by the BIOS and work out it's path. In this case, it's /dev/sdb Partition the disk with a single partition: sudo parted /dev/sdb mklabel gpt unit TB mkpart Partition Name: primary File system type: ext4 Start: 0% End: 100% print to chec ..read more

Shortly after building a script to create binaries for Rodeo, my command line Flickr uploader, I realised that I could use a Github Actions workflow to run it and attach the created binaries to the Release page once I had created it. This is what I did. Trigger on release A GitHub Actions workflow is a YAML file and each workflow has to be triggered. For Continuous Integration, it's common to trigger when new PR is opened or a new commit is pushed and then run tests on the code. In this case, I want to trigger when a new release is created. This is done in the on section: .github/workflows/bui ..read more

Last week, I attended PHPUK 2024. This is one of the major PHP conferences and I was pleased to speak about DDD there. Sam and the team did a fantastic job this year with the videos already published. To my mind, attending a conference provides a number of benefits. The first and most obvious one is that you learn some amazing things, from people who tend to know what they are talking about. At PHPUK there were talks directly relevant to day-to-day development, such as testing, API development and git usage. In addition, you get the opportunity to learn new things that may not be directly appl ..read more