Wednesday 8 July 2020

Irish Covid Tracker App - Audit

Just a quick note, I went over the code base for the new covid app. There's some issues with it e.g. lack of tests and some code quality issues that you'd probably find in any app but from a data privacy and security point of view it looks good.

Honestly we should make open sourcing of new government apps mandatory, it's amazing to be able to audit something like this and trust that it's doing what they say it's doing. I really don't think I could have used something like this without this level of transparency.

Highly recommend anyone who hasn't already download the app, the more people who use it the better it will work.



Wednesday 4 January 2017

SailBike Dublin probaby my last Sailfish app

In the recent Haapajoki Sailfish update, certain location and mapping APIs were removed. This had consequences for several apps but specifically it broke BikeMe, the app which I was using to check whether there was bikes available on the dublin bikes scheme. I'm sure this will be fixed soon by the author of BikeMe as there has been regular updates to the app but as I use dublin bikes on a daily basis I needed a replacement.

First, I looked at "CityBike'me" but unfortunately the dublinbikes datasource appeared to be broken in this app so I decided to roll up my sleeves and write my own. I thought that since BikeMe would be fixed soon enough. I'd only need something simple for my own needs and MVP to get through the time while BikeMe wasn't working. So I found an API to use and decided I just wanted a list of stations with how many bikes/spaces were available with a quick station view to how extra information like how old this information was and the location on the station on a map.

A couple of hours, hacking about later I came up with SailBike Dublin, screen shots and a link to the github repo can be seen below. It's very much a stop gap but hopefully it helps a few other people out as well, I've released it on the Jolla harbour it'll be up as soon as it's passed QA. As with all software which I release opensource, it's MIT licensed. If anyone needs one for their city, let me know. It's fairly trivial to make a version which isn't Dublin specific.

Unfortunately as I've recently dropped my Jolla (cracking it's screen) and missed out on the Jolla C device program this will most likely be my last app for Sailfish OS. Unless of course, the program reopened before I end up replacing my Jolla with an Android phone.



Friday 13 May 2016

Recovering my Jolla from a boot loop

Recently while I was updating my Jolla phone to the latest release. I was asked to optimize the space left of the disk before updating. I did this but my phone got powered off during this process and once it was charged again it went into a bootloop. That is to say that it booted with the Jolla logo and then went to a blank screen and never went further.

Upon investigating the issue, I found that the Jolla file system is btrfs and that it was during a btrfs operation the device got turned off causing some file system issues. I read over Jolla's instructions on how to reset the device to factory settings available here but I didn't want to reset my device as it had quite a bit of valuable data on it. Luckily they had instructions on how to recover that data available here. These instructions worked for getting data off the device although it took several trips due to the size of my SD card. As an aside always have a backup .vault file on your Jolla it will make this process easier , I didn't and I wonuld have had to write code to retrieve my contacts and message from SQLite DBs had I not been able to fix the device.

Once I had my data safely off the device, I wanted to remove some of it to attempt a btrfs recovery. In order to see if I could get the device back in  working order without a factory reset. However the file system which I had mounted using the instructions in the article wasn't writable so I couldn't delete any data. Eventually I found that I could mount the file system like so

Which mounted the file system as writable, I then removed my Videos folder as it was safely backed up and would remove 2GB of space form the device. Then I ran sync and umount commands to make sure it was gone and to unmount the file system. Once I had done this I used option 5 in the recovery console to attempt a btrfs recovery and then I rebooted the device, it took a little while longer than usual to reboot but it's now back to normal and working as expected.

I hope this helps anyone else experiencing similar issues.

Wednesday 4 May 2016

Using GPG as a Last Pass Alternative

I use Last Pass on my laptop but have recently been thinking of moving away from it. There have been several reasons for this e.g.
  • Breaking accessibility in my browser
  • Lack of secure clients for some of my devices (Sailfish OS & Ubuntu Touch)
  • I wish they were open about their algorithms
but I don't want this to be an anti Last Pass article, for some people it works very well and it's certainly better than reusing the same password on different sites.

My solution is a simple one, since all of my devices have a command line with gpg installed just use gpg to encrypt my passwords. I can then sync this encrypted file between all of my devices. Below you can see how to do this, in case it's something your thinking of doing yourself:

Sunday 1 May 2016

uRoku for Ubuntu Touch

I've just released the first version of uRoku, a Roku remote app for Ubuntu Touch. It gives the user a remote interface along with a keyboard and the ability to launch Roku apps from their Ubuntu device. It's written using the Ubuntu Cordova SDK because the QML SDK won't work on Ubuntu 14.04. I may re-write it in QML later. It's MIT licensed and available on github and the Ubuntu app store now.

uApp Exploerer:



Thursday 24 March 2016

Bash to audit your npm dependencies

With the issues surrounding npm today, I thought it would be interesting to write a bash one liner to see how many stars on github each dependency in my project's dependency tree has. The bash is below, it's only real dependencies are curl and npm. A word of warning, it does take quite sometime to run especially if you have lots of dependencies.

npm ls | grep -oP "\w[^@]+@" | sed s/@// | sort |uniq |  awk '{print "npm view " $1 " repository.url"}' | sh | grep -oP "github(\w|\W)+\.git" | sed 's/.git//g' | sed 's/.com/.com\/repos/g' | awk '{print "curl -s \"https://api."$1"\" | grep -P \"(stargazers_count|full_name)\" "}' | sh


In regards to my opinion on the situation, the behavior of some of the individuals was clearly childish at best and everyone who was stung by the situation should be a little more careful about their dependencies.

Saturday 3 January 2015

"MerSDK" not starting ... enable VT-x in your BIOS

So I haven't updated my SailBusDublin app in a little while because my dev tools were broken. I was getting an error:

Error connecting to "MerSDK" virtual machine: Failed to start virtual machine "MerSDK"

At first I thought I haven't done anything other than update the tools and was a little annoyed at jolla for breaking them but then I came to my senses, people were clearly publishing apps on the store so it was probably an issue on my end.

I figured it was something easily fixable so did a little googling and couldn't find anything.This is not as weird as you might think given the size of the developer community so I decided I'd leave it a little while and someone else would run into the problem and fix it (the it's a side project and I'm being lazy approach) but alas while some people ran into it, no one seemed to fix it. So I decided to put the effort in and debug the issue.

It's fairly clear from that error that it's an issue with the VM so I opened virtual box rather than bother with QtCreator again and tried to start the VM and got an error about intel's VT-x which was weird because I didn't remember making any changes to my laptop in regards to virtualization. Anyway found some redhat docs on the issue:

and went into the BIOS and turned it back on and voila the "MerSDK" VM started and I was back up and running.

I think I turned it off at some point because of a security issue with VT-x but the only issue I can find of the subject can't be exploited on my laptop because it's 64-bit running a 64-bit host. That said if your running a 32-bit host be careful of the VM's you use if you re-enable VT-x.