/gempesaw/writing

Tumblr's markdown formatting mode somewhat secretly supports footnotes. But, it seems like my settings or my theme or something makes footnote links with the target="_blank" attribute set, which is pretty odd. Who wants a footnote to pop them to a new tab ? And furthermore, the return links in the footer also have the same target="_blank". Basically, the footnotes on this blog have been nigh unusable, since they keep spawning new tabs all over the place.

As of Chrome 45, there's a new error message about a weak ephemeral Diffie-Hellman public key that started showing up in our webdriver & chromedriver proxy tests. The intent of the block was to secure users from the LogJam vulnerability.

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

In our testing set up at $WORK, we use Browsermob Proxy to MitM our E2E test traffic so that we can analyze the network traffic. Using a proxy allows us to test things like Omniture & Google analytics, and also enables us to simulate XSS attacks against our website.

Our E2E test suite depends heavily on the proxy being allowed to MitM the traffic, and Chrome started noticing that the DH key that our proxy presented was insecure. This is pretty valid for Chrome to want to block, since we are after all attacking ourselves^[1]. Luckily, Chrome allows us to blacklist certain ciphers as an argument during startup and after some wild googling, I arrived upon the following CLI argument for Chrome:

--cipher-suite-blacklist=0x0039,0x0033

Humm, so my nexus 6 has a persistent notification about wanting me to upgrade to 5.1.1. I was lazy this time and didn't bother doing it at the end of May when the stock images came out, but my phone doesn't know how to do it on its own since it's rooted and unencrypted and/or it's using TWRP recovery instead of the stock recovery. I don't do this frequently enough to remember, but too infrequently to want to write a script for it (especially since Wug's toolkit already exists). Anyway, here's my pretty straightforward steps to getting my N6 to 5.1.1, generic enough to apply to any update^[1]:

This is primarily for me to find next time I run into this issue! Having previously installed bitlbee on my OS X machine via homebrew & some elbow grease, I made a one-off password for the local bitlbee server I run to store my account credentials. Since I run the bitlbee server through Emacs and like a well behaved Emacs user, I hardly ever restart Emacs, I'm sure to have forgotten my bitlbee credentials between server restarts. At those times it's pretty useful to be able to find the bitlbee XML file that houses my username and encoded password. This is also useful in case I need to change other account setting things.

I've been thinking recently that one of the big problems we're having with automation at work is caused by previous-me of years past encouraging the idea of "oh doing automation is easy, look, gherkin is close to readable English, that makes it simple!" However, we're a couple years in to our (perl!) Gherkin & Selenium based automation framework and we're running into a lot of pain points.