Category

Tools

Development, Tools, Visual Studio

Self-signed certificate chain problems with GitHub Copilot and Visual Studio and Visual Studio Code

My customers have been excited to start using and experimenting with GitHub Copilot. Their proof of value has really proven to be beneficial in a lot of their development aspects. Some of them have tougher security controls in their corporate environments. One of them is SSL inspection through their firewall/NVA. This had lead to the dreadful error: [CopilotClientManager Information] statusNotification: Warning: The pending stream has been canceled (caused by: self-signed certificate in certificate chain)[CopilotClientManager Error] [ghostText] Error on ghost text request: FetchError: The pending stream has been canceled (caused by: self-signed certificate in certificate chain) The GitHub engineering team is aware of the problem. While the tools continue to improve and a more native fix / solution can hopefully be baked in, as I tell my customers, always open a support ticket to help the engineering team navigate these issues. If your organization is doing SSL inspection and you have access to the Root certificate (and it…

Read more
Tools

Compiling sqlcipher (sqlite encrypted) for Windows using Visual Studio 2022

I was searching for what was available in terms of encryption for SQLite and stumbled upon the Microsoft SQLite documentation for encryption. It states SQLite doesn’t support encrypting database files by default. Instead, you need to use a modified version of SQLite like SEE, SQLCipher, SQLiteCrypt, or wxSQLite3. I looked at all the proposed products and saw that SQLCipher was giving a community (open source) version of their product. However, they do not give the compiled binaries that comes with that. So I said to myself, let me try to compile it. This one was a tough one! I could not get it to work as easily as I thought I would. After a few hours playing, I got it to work and wanted…

Read more
Development, Tools

Signing your GitHub commits with GPG and YubiKey

I got a YubiKey recently and saw a YouTube video where the presenter quickly showed how to sign GitHub commits. I found this a useful thing, as on GitHub, you can just set your name and email in your git config and GitHub will link that it’s from you but when in fact it may not. I saw this with Linus Torvalds, where someone saw he had “made” commits on a repo, but it did not seem to be something he would contribute on. Was it really him? Who knows, but I realized it was time for me to go a little bit beyond the normal security aspect and use my YubiKey for more than just for FIDO2 authentication. For…

Read more
Development, Tools

Easily nuke secrets from your Git history

I came across an excellent article from Don Goodman-Wilson on GitGuardian on Rewriting your git history, removing files permanently – cheatsheet & guide. I had a scenario where I wanted to remove a secret deep in my history. In his article, he speaks about the git extension tool git-filter-repo. Eager as I am, I’m like yes lets use it! However, I realize that for starters, the install steps, if you’re working on a Windows machine, may not be as straight forward as download/install. For the ones like me that want a quick cheatsheet on how to make it work on Windows, here’s a quick summary. Thanks to the GitHub issues in the repo that helped me put this together. Setup…

Read more
Debugging, Tools

Changing requests status codes to test your front-end behaviors

A developer I work with came across an interesting problem where he needed to test the error handling on the front-end side of a SPA without adding extra “hacks” in the APIs that were consumed by the front-end. I helped him with this task, without adding “hacks”, by using Fiddler. Setup Download yourself a copy of Fiddler. Once installed, you need to configure Fiddler to intercept and decrypt HTTPS requests (as I hope your APIs are chatting on HTTPS). To do so, go in Tools -> Options and under the HTTPS tab, check Capture HTTPS CONNECTs and Decrypt HTTPS traffic and select …from browsers only. Accept all the dialogs that come after checking all of those. You will see that…

Read more
C#, Tools

3rd party open source .NET libraries to add to your toolbox

It’s always a pleasure to see the community help each other out in ways we think are unimaginable. One of the best way some people help, is to open source their hard work into libraries, so you don’t have to code the behavior yourself. It’s always hard to know what’s out there, so in this post, I want to give a shootout to some of the .NET libraries I find could definitely enhance your application(s) and if not, beef up your toolbox. As a developer, it’s good to know they exist, so you can increase your knowledge of the available tools out there. They definitely can help you out in the future. Note that I am listing here some libraries…

Read more
Tools, Visual Studio, Web

Synchronizing node version with your environment in Visual Studio 2017

Visual Studio 2017 is official finally out and Microsoft did a tremendous job in listening to their user base. They simplified the install process, enhanced the speed of the load of the projects, enhanced their IntelliSense and debugging tools to say the least. If you have not tried it yet, go and grab yourself a copy today! The community edition is free and is available to everyone! On that note, one may remember the nodejs binding problem that would occur in Visual Studio 2015 when it comes to gulp and node-sass

This happens because Visual Studio has a set of paths that are searched to find node/npm etc. By default Visual Studio 2017 comes with Node 5.4.1 and npm 3.3.4 shipped. As…

Read more
Tools

A way to manage nodejs and npm on windows

For the ones starting with NodeJS and NPM on windows, you probably are asking yourself how to update those when a security flaw is found or when a new version comes out. There is a way. Updating NPM You can update NPM by using npm-windows-upgrade If you want to skip all the reading of their page, here’s the parts that you need to know (excerpt from the page): First, ensure that you can execute scripts on your system by running the following command from an elevated PowerShell. To run PowerShell as Administrator, click Start, search for PowerShell, right-click PowerShell and select Run as Administrator.

Then, to install and use this upgrader tool, run (also from an elevated PowerShell or…

Read more