Who knew that a simple thing like HTTP redirects would be so complicated? It turns out clients will just change POST to GET on 301 (Postman, curl, everyone?), same with 302 which really behaves like 303 and that is also an old implementation "bug". Yeah, seriously.
If you have a REST API with POST (or other non-GET) request endpoints (who doesn't?) this behaviour will completely destroy everything. Many guides (top google results) out there for configuring Apache redirect do not mention this problem. The code of choice would be 308 Permanent Redirect but that is fairly new so I would not risk it, older clients don't know it exists. The only thing left is 307 which does not allow changing methods on redirect – exactly how it should be.
Default root partition size on my Fedora installs usually becomes too small down the line to the point I can no longer install packages or perform the upgrades without removing packages or clearing dnf cache.
Therefore I wanted to shrink my home partition and add that space to root.
We can't perform the resize while partitions are mounted so we need to boot in emergency or rescue mode. I first tried the emergency mode but the boot would lock up at Fedora logo so I decided to go with rescue instead.
Once in grub menu, press e to edit. At the end of the line of linux16 or linuxefi entry, add
Press Ctrl+x to boot with modified parameters. Once in rescue mode, perform the resize:
You have a book REST resource and each book has an owner. Only the owner of the book can access an owned book. JAX-RS specification has no answer to this problem since it only provides a role based security with @RolesAllowed annotation. It is unfortunate JavaEE spec does not offer at last some interfaces which we could then imlement for this purpose.. we need to roll our own. There are many ways this can be achieved, I will present one way of doing it.
Owned JPA entities extend a common class
All owned entities should extend a common class, let's call it OwnedEntity.
Protect owned resources with an interceptor
Create an interceptor which we will use on each owned resource that will check the owner of the entity against the authorized user. We pass the owned entity as a parameter. We will need this information to be able to fetch the correct JPA entity in the interceptor implementation.
Make sure the priority of this interceptor is lower than your security interceptor, since a valid authenticated user should already be present before it.
The limitation of this interceptor is that it can only protect ID based resources of type /resource/:id. For list resources, use seperate logic to insert an additional WHERE filter by owner ID to TypedQuery/Criteria query used for list fetching.
Second limitation is that the entity ID should always be declared first in resource method. Another way would be to enforce the name "id" as the parameter name representing the entity ID, but this requires additional reflection info to get method parameter names.
The example here uses SecurityContext to retreive the authorized user. You might need to inject your own context or parsed JWT token to retreive the needed identificator, depending on what you store in your database as owner ID (user UUID, email etc).
An improvement of this interceptor is to check the roles in security context and skip the owner check if role is an ADMIN or similar, since we probably want to allow admins to access all resources.
So how useful is this?
+protects owned resources with a simple annotation
Not so good:
-only protects ID based resources, you still need a seperate mechanism for lists
-only protects the base entity, not nested owned relations (/book/:id/somethingElse/:id2), which would mean child entity can have different owner than parent and client must be prevented from access of the child. I did not yet stumble upon such a requirement though.
-forcing method parameter position or consistent naming in resource methods Cen GitHub Eurobattle.net Lagabuse.com Bnetdocs
Download the new .torrent file you just created, open Transmission Web and add the torrent. Since the file already exists in download directory, Transmisison will just revalidate the data and start seeding. *mind blown*
Distribute the torrent file to your people or generate a magnet link with
It's 2017 and it is almost impossible for a regular human being to watch Champions League without being subscribed to cable or internet TV and pay exorbitant fees for hundreds of bundled channels you don't really need or want.
beIN SPORTS Direct is 9.99€ a month in Spain which is a reasonable price. The problem is that it is geoblocked to Spain only. Here is a guide on how to overcome this.
Nombre: your name Apellidos: surname Tipo documento: NIF NIF number: NIF is some kind of tax ID in Spain. It consists of 8 digits plus CRC character on the end. beIN sports has a validator on this number so it must be correct. Go to http://www.cespedes.org/dni2nif/ and insert random 8 digits, then copy the digits and the CRC. Teléfono móvil: This has to be a valid Spanish phone number. it starts with a 6 or 7 followed by 8 digits. You can put whatever valid number you like, there is no SMS confirmation or anything like that. Código postal: valid Spanish postal code. Pick whatever: https://en.wikipedia.org/wiki/List_of_postal_codes_in_Spain
Finish up by giving your credit card info.
You should now have an account but if you try to play any of the streams they will be black unless you already have a Spanish IP. All you need to do now is find a decently priced VPN that allows you to freely switch locations and has servers in Spain. For a quick test you can do it via TunneloVPN Chrome xtension https://chrome.google.com/webstore/detail/tunnello-vpn-unblock-ultr/hoapmlpnmpaehilehggglehfdlnoegck which offers 1GB for free upon registration. In the extension choose Spain from the drop-down, turn it on and refresh your beIN SPORTS Direct page. Video should now start playing. You can verify that you have Spanish IP by going to any of the "what is my ip" websites.
And that's it, you can now watch beIN SPORTS Direct for 9.99€ a month from any country. You'll probably have to add 5€ to that monthly bill for a VPN but such is life. This is the cheapest way for a cord cutter to watch Champions League and La Liga online, at least known to me.
which is marked as "fixed" and the comment 19 months ago says it will be in the "next version". The latest version is 3.24.0 released on January 1st 2017 which is exactly what I have and guess what? Not fixed, after 7 years.
So at this point I'll just safely assume that FileZilla might as well be the worst SFTP client in existence and just use something else. But guess what? There is more. The exact same problem exists in Gnome Files if you try to open an sftp:// location. The obvious reason is that Gnome Files does not ask you anything about keys or athenticaton type but just cycles through SSH keys to try and find the correct one. Why did nobody think about offering me a popup dialog to pick the correct key? Probably because Gnome likes to dumb down things, I can't really find any other reason.
Recently I decided to move all of our C++/Qt based projects up to the latest version of Qt and C++ toolkits. That means Qt 5, Visual Studio 2015 and all the latest libraries which are needed either for Qt or standalone. There was one caveat tho.. we still need to support Windows XP because a large amount of our player base still uses it. The nightmare begins.
This guide talks about:
-building shared release libraries of OpenSSL with msvc2015 XP target
-build shared release Qt framework with msvc2015 XP target
-build your application with msvc2015 XP target
1. Getting OpenSSL (1.0.1.p)
Building OpenSSL with MSVC 2015 and Windows XP target is an absolute clusterfuck. Forget XP target, even without that it simply WON'T compile with the usual instructions which used to work in the past (ex: http://developer.covenanteyes.com/building-openssl-for-visual-studio/). Thankfully, I found pre-built binaries and a useful batch script at http://www.npcglib.org/~stathis/blog/precompiled-openssl/. The pre-built binaries are ok but they are not built with XP target. They are also built with MT/MD naming which Qt does not really like (Qt insists that you link to libeay32 and ssleay32 and nothing else). Simply renaming them does not really work because .lib tries to include the wrong thing and you end up needing to provide both (no go).
So after a full day of working around the various problems I managed to compile OpenSSL with msvc2015 and XP target. This is a rough procedure so I might have missed something because I recompiled at least 100 times before it worked, but it should at least guide you on the right track:
Modify the batch script from the link above (you need Cygwin, perl.. ) and make it to a working state
Replace /subsystem flag in LFLAGS with /subsystem:console,5.01
Also add the same subsystem flag to MKLIB and MKFLAGS
Remove MD from SSL and CRYPTO flags so you get libeay32 and libssl32 named binaries
In root OpenSSL folder run:
This should produce XP targeted OpenSSL libraries. You know they are XP targeted if you open both DLLs in HEX editor and check rows 130-150, somewhere in those rows you need to se 05 00 01 … appear twice. See: http://www.tripleboot.org/?p=423
where -I and -L flags need to point to OpenSSL include files and the libraries you just built in previous step. We are doing a shared build (I used to like it all static but it turns out shipping Qt libraries bundled in the .exe with every single application update is a complete waste of bandwidth and time, at least 10MB every time).
Then build the Qt with: jom
Do not use nmake because jom is much faster!
After Qt builds, add it as a Kit in Qt Creator. You need to specify path to qmake.exe which is in qt-everywhere-opensource-src-5.X.X\qtbase\bin.
4. Configuring your Application Qmake
Now to your actual project. Add this to your qmake (.pro) file:
Also do not forget to include "platforms/qwindows.dll" in the same folder as your .exe. You also need to provide ssleay32.dll and libeay32.dll the same way. You might also need to provide msvc C++ redistributable dll files but I usually just instruct users to install the full C++ redistributable package from Microsoft.
And there you have it, Qt 5 with OpenSSL built with MSVC 2015 and with Windows XP support. An absolute mess if you are starting from zero and don't know all the little annoyances but once you do it's a relief. Cen GitHub Eurobattle.net Lagabuse.com Bnetdocs
Googling around, I could not find a single mention whether Rode NT-USB microphone supports Linux or not. After some semi-encouraging words from Rode support I decided to go ahead and buy it anyway. I am happy to announce that it works out of the box and so far I did not encounter any problems on Fedora 23. The microphone is properly detected in Pavucontrol and Open Broadcaster. I am a complete amateur but to me the sound is crisp clear with zero background noise. The comparison with my old Siberia V2 headphone microphone or my in-built laptop one is night and day. These two would produce a lot of noise as soon as increasing the volume over 100% (at 100% they would be way too silent) and it was a complete disaster. NT-USB can go much louder and has no background noise even sitting 40cm from my loud laptop fan. Cen GitHub Eurobattle.net Lagabuse.com Bnetdocs
This is an interesting little experiment I did when I was searching for a FreeBSD SVG logo to put on a poster. As you might know, SVG format is for vector images, allowing for infinite scaling without pixelation, which is exactly what you need, if you are going to print something on a big quality poster. Either that or you need originals in huge sizes for downscaling.
What caught my eye when I opened the image with Firefox was the lack of detail inside the devil ball which should be visible. This sent me on a little crusade to find out which browsers and image programs are actually capable of rendering it correctly.
For (assumingly) correct reference render we will take the logo from the freebsd.org:
Now let's jump right into it..
Firefox render is very basic, lacks most of the highlights and internal details.
Chrome takes some artistic freedoms and completely screws up in the process. The elements are there but layered improperly plus the horns are now black. Obvious transparency and overlay issues.
Internet Explorer manages to produce the worst render of all programs.
Opera follows Chrome since they use the same underlying engine.
Safari also falls into the Webkit family with Chrome and Opera.
ImageMagick is very close but it has an extra bright ring going through the middle which apparently shouldn't be there.
Inkscape is the only tool in this test that produced a proper render.
Gimp is also very close but has the same imperfection as ImageMagick.
IrfanView uses an external plugin to render SVGs that is not free. If we ignore the overlay text for a moment, the image suffers from Chrome-like problems except it's of absolute terrible quality.
And there you have it, the piss poor state of SVG rendering as of July 2015.
If you want to resize an SVG image and produce a high resolution PNG, the easiest method is to use ImageMagick from command line: