Enabling CORS for nginx WebDAV and CalDAV reverse-proxy

:: linux, tricks

The past few weeks I’ve been learning to develop and deploy a Progressive Web App (PWA) that can communicate with my WebDAV and CalDAV servers. Unfortunately, while these are on the same domain, they are on different sub-domains, and this causes the requests to be considered cross-origin requests. For security reasons, cross-origin requests are blocked by most browsers by default unless the server explicitly allows cross-origin resource sharing (CORS). This is pretty easy to set up for static resources or scripts, if they use default headers and GET and POST methods. However, it’s particularly complicated for WebDAV, CalDAV, and other protocols that use additional headers or methods.

A Suitable Cutlery Tray

:: memes

This post is a transcription of a thread that happened live on Twitter on June 30, 2019, in response to some anger at my lack of a cutlery tray. I was in a mood following a previous cutlery incident.

What is the optimal arrangement of cutlery in a drawer?

:: memes

This post is a transcription of a thread that happened live on Twitter on June 30, 2019, in response to someone claiming there was a correct way to arrange cutlery in a drawer. The statement caused me to momentarily lose my mind. The thread has since become difficult to find, so I’m reproducing it here.

Locking down your browser to defend yourself from rickroll

:: tinkering

Recently, a UBC SPL grad student offered a bounty to anyone who could Rickroll me. This has resulted in an arms race. I have increased my browser security to prevent Rickrolling entirely on most of my machines. This isn’t foolproof, of course, but hopefully it will help defend against low-tier attempts.

Setting up your backup service

:: linux, tricks, tutorial, optimize everything

I just ran the command rm -rf ~, deleting all my personal files in the process. This was not the first time, and it was no big deal, because I back up my files with automatic rolling backups. My backup system is secure, redundant, and has low resource requirements. The backup repository is encrypted, deduplicated, compressed, and mirrored across multiple machines. You can choose to use any or none of these features while following this guide.

In this guide, I describe how to set up a secure and robust backup service yourself, which runs on Linux, macOS, and Windows via WSL 2. I provide my own scripts, config files, and workflows for maintaining, validating, and restoring the backups. This is all set up using free software, supports multiple configurations with varying degrees of security and redundancy, and scales well to more backup clients.

If you’d prefer to not set this up yourself and you run macOS or Windows, I recommend Backblaze:

https://www.backblaze.com/cloud-backup.html#af9v9g

They automatically handle everything, including most of the features I want in a backup service and some I could never implement myself, for $6/m per machine (USD).

A Summary of Discussions on Virtual Conferences

:: academia

After a successful virtual PLDI, some of us expressed support for more virtual conferences in the future, and some expressed dissent and concerns. The result was an interesting discussion on Twitter, which is essentially impossible to follow. I summarize the discussions here, and include some of my own editorializing.

Please forgive the typos; my fingers quickly get out of sync with my brain, especially at 1am while following multiple twitter discussions.

Copy/pasting your password into the Runescape Client

:: tricks, windows

In a fit of nostalgia, I wanted to play some Runescape this weekend. I discovered that Runescape forbids copy and pasting your password into the client, for bogus security reasons. This poses a problem for me, since my password is a very long randomly generated string. Normally, I would copy and paste it from my password manager.

Thankfully, a little PowerShell scripting solves the problem. The script below will, upon execution, switch to the Runescape client and type your password. You need to configure one variable, $password, which should be set using a command that reads your password from your password manager (or, if you don’t care about security, set to your password as a string literal). The default uses my configuration, fetching the password from pass via WSL.

Be careful not to run the script while you’re already logged in, or it might enter your password in chat. It shouldn’t, and it won’t hit enter, but… use at your own risk.

runescaope-login.ps1

## --------------------------------------------------------------------
## Instructions:
# Launch Runescape then run this script while on the login page.
#
# You may need to switch Runescape between windowed and full screen 
# after, as alt-tabbing or this script sometimes screws up full screen.

## --------------------------------------------------------------------
## Configure:

# Your runescape password
# $password = "my hard coded password"
# $password = get-password-command
$password = (wsl /usr/bin/pass show runescape.com `| head -n 1)

# Delay.
# How long to wait between grabbing Runescape window and starting to type.
$delay = 1

## --------------------------------------------------------------------

function Show-Process($Process) {
  $sig = '
    [DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
    [DllImport("user32.dll")] public static extern int SetForegroundWindow(IntPtr hwnd);
  '

  $type = Add-Type -MemberDefinition $sig -Name WindowAPI -PassThru
  $hwnd = $process.MainWindowHandle
  $null = $type::ShowWindowAsync($hwnd, 5)
  $null = $type::SetForegroundWindow($hwnd) 
}

Show-Process (Get-Process -Name rs2client)

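# Wait for the window switch to finish before typing.
Start-Sleep -Seconds $delay

Add-Type -AssemblyName System.Windows.Forms
# SendKeys treats + ^ % ~ ( ) { } [ ] as control characters;
# wrap each one in braces so it is typed literally.
$password.ToCharArray() | ForEach-Object {
  [System.Windows.Forms.SendKeys]::SendWait(($_ -replace '[+^%~(){}\[\]]', '{$0}'))
}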

Running a public server from WSL 2

:: linux, tricks, windows, wsl

This week, for ReAsOnS, I wanted to run a server on WSL 2 that was accessible from the internet. This was surprisingly involved and requires lots of hard-to-find tricks to forward ports through 4 different layers of network abstractions and firewalls.

  1. In WSL, make sure your server is using IPv4. I spent a hell of a long time just trying to figure out why I couldn’t access the server from localhost. I had successfully run a handful of local http servers from WSL that were accessible from the Windows host, so I wasn’t sure what the problem was. It turns out this server, written in Java, wouldn’t work until I added -Djava.net.preferIPv4Stack=true to the java options. It appears that Java was defaulting to IPv6, and WSL doesn’t forward IPv6 properly, or something.
  2. In WSL, make sure you allow the port through your WSL firewall, if you’re using one. Using a WSL firewall might be redundant, but you might be using one. I usually use ufw on my Linux machines, so I’d run ufw allow $PORT in WSL.
  3. In Windows, forward your port from the public IP port to the WSL port using netsh interface portproxy add v4tov4 listenport=$PORT listenaddress=0.0.0.0 connectport=$PORT connectaddress=127.0.0.1 in a PowerShell with admin rights. This is one of the hard-to-find but necessary WSL-specific bits. It looks like Windows creates a virtual adapter that isn’t properly bridged with your internet network adapter. I tried playing various bridging tricks, but in the end, I had to manually create a portproxy rule using Windows’ network shell netsh. This listens on all addresses and forwards the connection to the localhost, which seems to be automatically bridged with WSL. You can also try to manually forward it to the WSL adapter. Use ipconfig to find it. However, the WSL IP changes from time to time, so I recommend using localhost instead. It might also be wise to listen explicitly on your internet-facing IP instead of 0.0.0.0, but this seemed to work.
  4. In Windows, allow the port through the Windows firewall explicitly by adding a new Inbound Rule using the Windows Defender Firewall with Advanced Security administrative tool. This is accessible as WF.msc in cmd and PowerShell. Select Inbound Rule, and click New rule... in the action menu to the right, and work your way through the menu to allow the port explicitly. Normally, Windows asks if you want to allow applications through the firewall. This doesn’t seem to happen with WSL servers, so we have to manually add a rule.
  5. In your router, set up port forwarding for the port.
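
Steps 3 and 4 as one elevated PowerShell script, an added example that is not from the original post: it binds the proxy to a single address rather than 0.0.0.0, scopes the firewall rule to that same address and port, and can remove both again. The port, the 192.0.2.10 listen address, and the rule name are placeholder assumptions.

```powershell
# Added example, not the post's own script. Run from an elevated PowerShell.
# $Port, $ListenAddress and the rule name are placeholder assumptions.
param(
    [int]$Port = 8080,                      # assumed: the port your WSL server listens on
    [string]$ListenAddress = '192.0.2.10',  # placeholder: your internet-facing IPv4 address
    [switch]$Remove                         # tear the forwarding down again
)

$ruleName = "WSL2 server TCP $Port"

if ($Remove) {
    # Remove the proxy entry and the firewall rule so the port is no longer exposed.
    netsh interface portproxy delete v4tov4 listenport=$Port listenaddress=$ListenAddress
    Remove-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    return
}

# Step 3: forward only the chosen address to localhost, which Windows relays to WSL.
netsh interface portproxy add v4tov4 listenport=$Port listenaddress=$ListenAddress `
    connectport=$Port connectaddress=127.0.0.1

# Step 4: inbound allow rule limited to this TCP port and local address.
# Skipped if a rule with the same display name already exists.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -LocalAddress $ListenAddress | Out-Null
}

# Review what is now exposed: every active proxy entry, and the rule's port filter.
netsh interface portproxy show v4tov4
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallPortFilter
```

Running it again with -Remove deletes the portproxy entry and the firewall rule; the router forwarding from step 5 still has to be removed separately.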

One inside perspective on the graduate student application process

:: academia

Around this time of year (graduate student recruiting season), I see lots of:

  1. Stress from students who are unsure about the graduate recruiting process and how their application is viewed.
  2. Reassurance from people who have been through the process, e.g.,:

What I don’t see is much from professors explaining WTF.

I’ve now been on both sides of this process and want to give a peek behind the mysterious curtain in an attempt to reduce stress from students currently going through this process, and hopefully help future students with their applications.

This started as a tweet thread; you can view the original here:

In this post, I maintain that thread and elaborate on it.

CS101: Introduction to Hammering

:: academia

In this post, I describe a proposal to redevelop the Construction Science introduction course to use hammers, a standard and state-of-the-art industry tool that students should have experience with.