FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 630, column 3: content:encoded should not contain relative URL references: /building-go-binaries-for-different-platforms [help]
```
]]></content:encoded>
   ^
```

line 652, column 0: content:encoded should not contain decoding attribute [help]

<p><img decoding="async" src="https://akrabat.com/wp-content/uploads/2024/02 ...

Source: http://akrabat.com/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Rob Allen</title>
<atom:link href="https://akrabat.com/feed/" rel="self" type="application/rss+xml" />
<link>https://akrabat.com</link>
<description>Pragmatism in the real world</description>
<lastBuildDate>Wed, 17 Apr 2024 09:26:05 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.5.2</generator>
<item>
<title>Command line access to the Mac Keychain with keyring</title>
<link>https://akrabat.com/command-line-access-to-the-mac-keychain-with-keyring/</link>
<comments>https://akrabat.com/command-line-access-to-the-mac-keychain-with-keyring/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 23 Apr 2024 10:00:00 +0000</pubDate>
<category><![CDATA[Command Line]]></category>
<category><![CDATA[Computing]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=7007</guid>
<description><![CDATA[While reading Alex Chan's post about experimenting with the Flickr API, I noticed the call out to keyring by Jason Coombs for accessing the macOS Keychain. The built-in app: security The built-in way to access the keychain from the command line is /usr/bin/security: To create a password: $ security add-generic-password -s FlickrAPI -a rodeo -w redacted-key Note that you need to include the password on the command line in clear test, so it's now in… <a href="https://akrabat.com/command-line-access-to-the-mac-keychain-with-keyring/">continue reading</a>.]]></description>
<content:encoded><![CDATA[While reading <a href="https://alexwlchan.net/2024/flapi/">Alex Chan's post about experimenting with the Flickr API</a>, I noticed the call out to <a href="https://github.com/jaraco/keyring">keyring</a> by Jason Coombs for accessing the macOS Keychain.
<h2>The built-in app: security</h2>
The built-in way to access the keychain from the command line is <tt>/usr/bin/security</tt>:
To create a password:
<pre>$ security add-generic-password -s FlickrAPI -a rodeo -w redacted-key
</pre>
Note that you need to include the password on the command line in clear test, so it's now in your history unless you remembered to include a space before <tt>security</tt>.
Then, to retrieve it:
<pre>$ security find-generic-password -s FlickrAPI -a rodeo -w
redacted-key
</pre>
Not especially difficult, but not the easiest to remember.
<h2>Keyring makes it simpler</h2>
To set a password using keyring:
<pre>
$ keyring set FlickrAPI caledonia
Password for 'caledonia' in 'FlickrAPI':
</pre>
It doesn't display your password as you enter it, so no history issues to worry about.
Again, retrieving is simpler too:
<pre>
$keyring get FlickrAPI rodeo
redacted-key
</pre>
Rather usefully, it also works on Windows and Linux in addition to Mac, utilising the appropriate backend. You can even use it with <a href="https://github.com/jaraco/keyring#third-party-backends">other backends</a>.
As with Alex's use-case, I can see how this is a nice tool for using in CLI scripts to get access to API keys or other secrets while keeping them secure.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/command-line-access-to-the-mac-keychain-with-keyring/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Matt Gemmell's short stories</title>
<link>https://akrabat.com/matt-gemmells-short-stories/</link>
<comments>https://akrabat.com/matt-gemmells-short-stories/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 16 Apr 2024 10:00:00 +0000</pubDate>
<category><![CDATA[Around the web]]></category>
<category><![CDATA[Life]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=7009</guid>
<description><![CDATA[I've been following the work of Matt Gemmell for years. His techno-thriller Kestrel series a great fun to read and I recommend that you read them if that's your thing. He also writes short stories, one every week. These are excellent. They are free and as they are short, they don't take long to read at all. A wonderful break from the reality of the world of work, I enjoy reading each week's story with… <a href="https://akrabat.com/matt-gemmells-short-stories/">continue reading</a>.]]></description>
<content:encoded><![CDATA[I've been following the work of <a href="https://mattgemmell.scot">Matt Gemmell</a> for years. His techno-thriller Kestrel series a great fun to read and I recommend that you read them if that's your thing.
He also writes <a href="https://mattgemmell.scot/books/once-upon-a-time/stories/">short stories</a>, one every week. These are excellent. They are free and as they are short, they don't take long to read at all. A wonderful break from the reality of the world of work, I enjoy reading each week's story with a <a href="https://www.yorkshiretea.co.uk">cup of tea</a>.
This week's story, <a href="https://mattgemmell.scot/books/once-upon-a-time/stories/the-pathogen/">The Pathogen</a> is as good an introduction to the One Upon A Time collective as any I've come across. At less than 1000 words, I was gripped and very much enjoyed it. 
However, the true mark of a good story is that I'm still thinking about it a day later.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/matt-gemmells-short-stories/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Check licenses of composer dependencies</title>
<link>https://akrabat.com/check-licenses-of-composer-dependencies/</link>
<comments>https://akrabat.com/check-licenses-of-composer-dependencies/#comments</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 09 Apr 2024 10:00:00 +0000</pubDate>
<category><![CDATA[PHP]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6995</guid>
<description><![CDATA[With some commercial projects, it can be useful to know that all your dependencies have licences that your organisation deems acceptable. I had this requirement for a few clients now and came up with this script that we ran as part of our CI which would then fail if a dependency used a license that wasn't allowed. This proved to be reasonably easy as composer licenses will provide a list of all packages with their… <a href="https://akrabat.com/check-licenses-of-composer-dependencies/">continue reading</a>.]]></description>
<content:encoded><![CDATA[With some commercial projects, it can be useful to know that all your dependencies have licences that your organisation deems acceptable.
I had this requirement for a few clients now and came up with this script that we ran as part of our CI which would then fail if a dependency used a license that wasn't allowed.
This proved to be reasonably easy as <tt>composer licenses</tt> will provide a list of all packages with their license, and more usefully, the <tt>-f json</tt> switch will output the list as JSON. With a machine-readable format, the script just came together!
At some point, we discovered that we needed to allow exceptions for specifically authorised packages, so I added that and haven't changed it since.
<h2>check-licenses.php</h2>
<pre lang="php">
<?php
$allowedLicenses = ['Apache-2.0', 'BSD-2-Clause', 'BSD-3-Clause', 'ISC', 'MIT', 'MPL-2.0', 'OSL-3.0'];
$allowedExceptions = [
'some-provider/some-provider-php', // Proprietary license used by SMS provider
];
$licences = shell_exec('composer licenses -f json');
if ($licences === null || $licences === false) {
echo "Failed to retrieve licenses\n";
exit(1);
}
try {
$data = json_decode($licences, true, 512, JSON_THROW_ON_ERROR);
} catch (JsonException $e) {
echo "Failed to decode licenses JSON: " . $e->getMessage() . "\n";
exit(1);
}
// Filter out all dependencies that have an allowed license or exception
$disallowed = array_filter(
$data['dependencies'],
fn(array $info, $name) => ! in_array($name, $allowedExceptions)
&& count(array_diff($info['license'], $allowedLicenses)) === 1,
ARRAY_FILTER_USE_BOTH
);
if (count($disallowed)) {
$disallowedList = array_map(
fn(string $k, array $info) => sprintf("$k (%s)", implode(',', $info['license'])),
array_keys($disallowed),
$disallowed
);
printf("Disallowed licenses found in PHP dependencies: %s\n", implode(', ', $disallowedList));
exit(1);
}
exit(0);
</pre>
<h2>Running check-licenses.php</h2>
If all dependencies are allowed, then <tt>check-licenses</tt> will output nothing and exit with status code <tt>0</tt>:
<pre>
$ php bin/check-licenses.php
$ echo $?
0
</pre>
If at least one dependency is not allowed, then <tt>check-licenses</tt> will list the packages that have licenses that ar not allowed and exit with status code <tt>1</tt>:
<pre>
$ php bin/check-licenses.php
Disallowed licenses found in PHP dependencies: foo/bar (GPL-3.0)
$ echo $?
1
</pre>
Maybe it's useful to others too. If you use it, put it in your CI system.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/check-licenses-of-composer-dependencies/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>Reinstall pipx apps after Homebrew Python upgrade</title>
<link>https://akrabat.com/reinstall-pipx-apps-after-homebrew-python-upgrade/</link>
<comments>https://akrabat.com/reinstall-pipx-apps-after-homebrew-python-upgrade/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 02 Apr 2024 10:00:00 +0000</pubDate>
<category><![CDATA[Computing]]></category>
<category><![CDATA[rst2pdf]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6991</guid>
<description><![CDATA[I install Python apps on my Mac using pipx like this: pipx install rst2pdf This will then install rst2pdf into its own isolated environment so that its dependencies do not affect and are not affected by any other Python app I have installed. Internally, it creates a venv at /.local/pipx/venvs/rst2pdf with symlinks to the currently installed python in the bin directory: lrwxrwxr-x@ 1 rob staff 10 24 May 2023 python -> python3.11 lrwxrwxr-x@ 1 rob… <a href="https://akrabat.com/reinstall-pipx-apps-after-homebrew-python-upgrade/">continue reading</a>.]]></description>
<content:encoded><![CDATA[I install Python apps on my Mac using <a href="https://pipx.pypa.io">pipx</a> like this:
<pre>pipx install rst2pdf</pre>
This will then install <a href="https://rst2pdf.org">rst2pdf</a> into its own isolated environment so that its dependencies do not affect and are not affected by any other Python app I have installed.
Internally, it creates a venv at <tt>/.local/pipx/venvs/rst2pdf</tt> with symlinks to the currently installed python in the <tt>bin</tt> directory:
<pre>
lrwxrwxr-x@ 1 rob staff 10 24 May 2023 python -> python3.11
lrwxrwxr-x@ 1 rob staff 10 24 May 2023 python3 -> python3.11
lrwxrwxr-x@ 1 rob staff 96 24 May 2023 python3.11 -> /opt/homebrew/Cellar/python@3.11/3.11.3/Frameworks/Python.framework/Versions/3.11/bin/python3.11
</pre>
All is good. 
However, when the Homebrew version of Python is updated, the old version is removed.
Running rst2pdf now fails with "cannot execute: required file not found" as the linked python no longer exists.
It's easy enough to fix when you work out what's happened:
<pre>
pipx reinstall-all
</pre>
I wish this situation was handled a little bit better though.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/reinstall-pipx-apps-after-homebrew-python-upgrade/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Creating JWKS.json file in PHP</title>
<link>https://akrabat.com/creating-jwks-json-file-in-php/</link>
<comments>https://akrabat.com/creating-jwks-json-file-in-php/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 26 Mar 2024 11:00:01 +0000</pubDate>
<category><![CDATA[PHP]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6986</guid>
<description><![CDATA[In order to verify a JWT created with an asymmetric key, the verifier needs to get the correct public key. One way to do is described in RFC7517 which describes the JSON Web Key format. Within the header of the JWT there is a kid property which is the key ID which is then used to find the correct key within a list provided at the /.well-known/jwks.json endpoint. The JWT header therefore looks something like… <a href="https://akrabat.com/creating-jwks-json-file-in-php/">continue reading</a>.]]></description>
<content:encoded><![CDATA[In order to verify a JWT created with an asymmetric key, the verifier needs to get the correct public key. One way to do is described in <a href="https://www.rfc-editor.org/rfc/rfc7517">RFC7517</a> which describes the JSON Web Key format.
Within the header of the JWT there is a <tt>kid</tt> property which is the key ID which is then used to find the correct key within a list provided at the <tt>/.well-known/jwks.json</tt> endpoint.
The JWT header therefore looks something like this:
<pre lang="json">
{
"alg" : "RS256",
"kid" : "6eaf334518784ff392c3123b41ae49f5",
"typ" : "JWT"
}
</pre>
And the <tt>jwks.json</tt> is structured something like this:
<pre lang="json">
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"kid": "6eaf334518784ff392c3123b41ae49f5",
"n": "sj6R1AYPKISqYKFxmQMMFJSm583Jfn6ef51SpQPCe17SM10Ljp2YIte924U ...",
"e": "AQAB"
}
]
}
</pre>
This is an interesting format as it doesn't use the standard PEM format for the key, but rather stores it as a modulus ("n") and exponent ("e") as per <a href="https://datatracker.ietf.org/doc/html/rfc7518#section-6.3">RFC 7518 section 6.3</a>:
<dl>
<dt>6.3.1.1. "n" (Modulus) Parameter</dt>
<dd>The "n" (modulus) parameter contains the modulus value for the RSA 
public key. It is represented as a Base64urlUInt-encoded value.</dd>
<dd>Note that implementers have found that some cryptographic libraries 
prefix an extra zero-valued octet to the modulus representations they 
return, for instance, returning 257 octets for a 2048-bit key, rather 
than 256. Implementations using such libraries will need to take 
care to omit the extra octet from the base64url-encoded 
representation.</dd>
<dt>6.3.1.2. "e" (Exponent) Parameter</dt>
<dd>The "e" (exponent) parameter contains the exponent value for the RSA 
public key. It is represented as a Base64urlUInt-encoded value.</dd>
</dl>
Fortunately, we can use openssl to sort this all out for us:
<pre lang="php">
// $keyString is a PEM encoded public key
$key = openssl_get_publickey($keyString);
$details = openssl_pkey_get_details($key);
</pre>
Assuming <tt>$key</tt> is an instance of <tt>OpenSSLAsymmetricKey</tt> and <tt>$details</tt> is an array, then:
<pre lang="php">
$modulus = $details['rsa']['n'];
$exponent = $details['rsa']['e'];
</pre>
Putting this into a PSR-15 request handler that is passed an array of public keys, we can put together a <tt>jwks.json</tt> response:
<pre lang="php">
<?php
declare(strict_types=1);
namespace App\Handler;
use Laminas\Diactoros\Response\JsonResponse;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Webmozart\Assert\Assert;
class JwksHandler implements RequestHandlerInterface
{
/**
* @param string[] $publicKeys
*/
public function __construct(private readonly array $publicKeys)
{
}
public function handle(ServerRequestInterface $request): ResponseInterface
{
$keys = [];
foreach ($this->publicKeys as $keyString) {
$key = openssl_get_publickey($keyString);
Assert::isInstanceOf(\OpenSSLAsymmetricKey::class, 'Public key is not valid.');
$details = openssl_pkey_get_details($key);
Assert::isArray($details, 'Public key details are not valid.');
$keys[] = [
'kty' => 'RSA',
'alg' => 'RS256',
'use' => 'sig',
'kid' => sha1($keyString),
'n' => strtr(rtrim(base64_encode($details['rsa']['n']), '='), '+/', '-_'),
'e' => strtr(rtrim(base64_encode($details['rsa']['e']), '='), '+/', '-_'),
];
}
return new JsonResponse(['keys' => $keys]);
}
}
</pre>
Note that we remove the base64 padding (<tt>=</tt> at the end) and also use the <a href="https://base64.guru/standards/base64url">Base64Url modification</a> where "<tt>+</tt>" is replaced with "<tt>-</tt>" and "<tt>/</tt>" with "<tt>_</tt>".
The other properties in the JSON object are:
<ul>
<li><a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.1"><tt>kty</tt></a>: Key Type – the cryptographic algorithm family used with the key</li>
<li><a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.4"><tt>alg</tt></a>: Algorithm – the specific cryptographic algorithm used.</li>
<li><a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.2"><tt>use</tt></a>: Use – the intended use of the public key. "sig" for signature, "enc" for encryption.</li>
<li><a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5"><tt>kid</tt></a>: Key ID – used to match a specific key</li>
</ul>
The verifier reads the <tt>jwks.json</tt> file and iterates over the list to find the one that matches the <tt>kid</tt> in the JWT header that they are trying to verify. When they find it, the can then convert the modulus exponent back into a public key and verify the JWT as per usual.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/creating-jwks-json-file-in-php/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>A quick guide to JWTs in PHP</title>
<link>https://akrabat.com/a-quick-guide-to-jwts-in-php/</link>
<comments>https://akrabat.com/a-quick-guide-to-jwts-in-php/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 19 Mar 2024 11:00:00 +0000</pubDate>
<category><![CDATA[PHP]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6983</guid>
<description><![CDATA[The most common use of JWTs is as an authentication token, usually within an OAuth2 workflow. Creating these tokens is part and parcel of the authentication library that you use. I recently had a requirement to use a JWT independent of authentication and these are some notes on what I learned when researching with Lcobucci\JWT. Make up of a JWT To really understand JWTs, read RFC7519. For a more readable introduction, read the one on… <a href="https://akrabat.com/a-quick-guide-to-jwts-in-php/">continue reading</a>.]]></description>
<content:encoded><![CDATA[The most common use of JWTs is as an authentication token, usually within an OAuth2 workflow. Creating these tokens is part and parcel of the authentication library that you use.
I recently had a requirement to use a JWT independent of authentication and these are some notes on what I learned when researching with <a href="https://github.com/lcobucci/jwt">Lcobucci\JWT</a>.
<h2>Make up of a JWT</h2>
To really understand JWTs, read <a href="https://datatracker.ietf.org/doc/html/rfc7519#section-1">RFC7519</a>. For a more readable introduction, read the one on <a href="https://jwt.io/introduction">jwt.io</a>.
Also, JWT is pronounced "jot".
The most important thing about a JWT is that it contains data and a signature. The signature allows you to verify that the JWT's data hasn't been tampered with. This works because the signature is signed with a secret. This can be a shared secret (a symmetrical algorithm) or a public/private key pair (asymmetric algorithm).
In my case, I'm only interested in signing a JWT using a public/private key as my client cannot securely hold a shared secret.
<h2>Creating a public/private key</h2>
<a href="https://www.openssl.org">OpenSSL</a> is your friend here. Create a <tt>keys</tt> directory and then use the command line.
To create a private key:
<pre>
openssl genpkey -algorithm RSA -out keys/private.key -pkeyopt rsa_keygen_bits:2048
</pre>
To create the public key from the private key:
<pre>
openssl rsa -pubout -in keys/private.key -out keys/public.key
</pre>
You will now have two files in the <tt>keys</tt> directory: <tt>private.key</tt> and <tt>public.key</tt>. Keep <tt>private.key</tt> safe and make <tt>public.key</tt> available to your clients.
<h2>Creating a token</h2>
Using Lcobucci\JWT, we create a <tt>Configuration</tt>:
<pre lang="php">
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
$configuration = Configuration::forAsymmetricSigner(
new Sha256(),
InMemory::file(__DIR__ . '/keys/private.key'),
InMemory::file(__DIR__ . '/keys/public.key')
);
</pre>
From our configuration, we can obtain a builder and specify our token:
<pre lang="php">
$keyId = '40597EB1-5E20-49B5-BDDF-B24D1B3B05B5';
$subject = '851828E8-C376-4026-9FD8-D2CCE406CD1C';
$now = new \DateTimeImmutable();
$builder = $configuration->builder()
->identifiedBy($keyId)
->relatedTo($subject)
->issuedBy('https://app.example.com')
->issuedAt($now)
->expiresAt($now->modify('+2 weeks'))
->withClaim('foo', 'bar');
</pre>
The data elements in a JWT are called claims. There are a number of <a href="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1">registered claims</a> that are not mandatory, but you should set if they are relevant as all clients will recognise them and their purpose. In particular JWT ID, issuer, subject, issued at and expiration time are particularly useful. There are also a set of <a href="https://www.iana.org/assignments/jwt/jwt.xhtml#claims">public claims</a> that provide a standardised set of key names for common information which help avoid clashes.
Then there is the data specific to your application which are known as private claims. These can be whatever you like and in the example above, we have created a claim called "foo".
Finally we create the token itself:
<pre lang="php">
$token = $builder->getToken($configuration->signer(), $configuration->signingKey());
$tokenString = $token->toString();
</pre>
We can then send the token string in response to an API request, etc.
<h2>Validating a token</h2>
When we receive a token, we need to validate it. This means that we check that it hasn't been tampered with and we can also check that the data within it is as expected.
Firstly, we parse the token string back into a token object:
<pre lang="php">
use Lcobucci\Clock\SystemClock;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token\Parser;
$parser = new Parser(new JoseEncoder());
$token = $parser->parse($tokenString);
</pre>
To validate it, we need a validator and a set of constraints that the validator will test the token for:
<pre lang="php">
$validator = new Validator();
$clock = new SystemClock();
$constraints = [
new SignedWith(new Sha256(), InMemory::file(__DIR__ . '/keys/public.key')),
new LooseValidAt($clock),
new IssuedBy('https://app.example.com'),
];
</pre>
The three constraints here check that the JWT:
<ul>
<li>has been signed with the private key (by using the public key to verify)</li>
<li>is current and has not expired</li>
<li>was issued by the expected issuer</li>
</ul>
There are other constraints too – check the docs.
Note that the time based constraints use the <a href="https://www.php-fig.org/psr/psr-20/">PSR-20:Clock</a> interface, so we use <a href="https://github.com/lcobucci/clock">Lcobbucci/clock</a> as an implementation of it.
We can then assert these constraints:
<pre>
try {
$validator->assert($token, ...$constraints);
// Token is verified
$claims = $token->claims()->all();
} catch (RequiredConstraintsViolated $e) {
// Invalid token.
echo "**Invalid Token**\n";
foreach ($e->violations() as $violation) {
echo "- " . $violation->getMessage() . "\n";
}
exit(1);
}
</pre>
The <tt>assert()</tt> method will throw an exception with all the violations, so we can see everything that failed in one go which is useful.
That's all there is to issuing and validating arbitrary JWT tokens in PHP with Lcobucci\JWT.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/a-quick-guide-to-jwts-in-php/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Sleeping an external hard drive</title>
<link>https://akrabat.com/sleeping-an-external-hard-drive/</link>
<comments>https://akrabat.com/sleeping-an-external-hard-drive/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 12 Mar 2024 11:00:00 +0000</pubDate>
<category><![CDATA[Computing]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6964</guid>
<description><![CDATA[One annoyance I had with my external USB hard drives is that they weren't sleeping when idle which makes them noisy. We can't have that! My first port of call was hdparm and its -S parameter: sudo hdparm -S 60 /dev/sdb However this didn't help. Fortunately, I found hd-idle which worked! After installing, you need to edit /etc/default/hd-idle and change the HD_IDLE_OPTS setting from -h to whatever you need. For me, I have set: HD_IDLE_OPTS="-i… <a href="https://akrabat.com/sleeping-an-external-hard-drive/">continue reading</a>.]]></description>
<content:encoded><![CDATA[One annoyance I had with my external USB hard drives is that they weren't sleeping when idle which makes them noisy. We can't have that!
My first port of call was <a href="https://en.wikipedia.org/wiki/Hdparm"><tt>hdparm</tt></a> and its <tt>-S</tt> parameter:
<pre>
sudo hdparm -S 60 /dev/sdb
</pre>
However this didn't help.
Fortunately, I found <a href="https://hd-idle.sourceforge.net">hd-idle</a> which worked!
After installing, you need to edit <tt>/etc/default/hd-idle</tt> and change the <tt>HD_IDLE_OPTS</tt> setting from <tt>-h</tt> to whatever you need.
For me, I have set: <tt>HD_IDLE_OPTS="-i 0 -a sdb -i 60 -a sdc -i 60"</tt>
These parameters are:
<ul style="list-style-type: none">
<li><tt>-i 0</tt>: This first <tt>-i</tt> sets the idle timeout for all drives. <tt>0</tt> means no timeout which is what I want for all drives except my external USB ones.</li>
<li><tt>-a sdb -i 60</tt>: For only the disk set after the <tt>-a</tt>, set the idle time to the value of the subsequent <tt>-i</tt>. i.e. set sdb to 60 seconds timeout. </li>
<li><tt>-a sdc -i 60</tt>: For only the disk set after the <tt>-a</tt>, set the idle time to the value of the subsequent <tt>-i</tt>. i.e. set sdc to 60 seconds timeout. </li>
</ul>
Not completely intuitive, but easy enough once you have understood what's going on. I have left a comment in the <tt>/etc/default/hd-idle</tt> to remind me! 
Then after a reboot, <tt>ps aux | grep hd-idle</tt> showed that it was running and now my external drives are quiet.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/sleeping-an-external-hard-drive/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Setting up a new hard drive in Linux</title>
<link>https://akrabat.com/setting-up-a-new-hard-drive-in-linux/</link>
<comments>https://akrabat.com/setting-up-a-new-hard-drive-in-linux/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 05 Mar 2024 11:00:00 +0000</pubDate>
<category><![CDATA[Computing]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6941</guid>
<description><![CDATA[I recently added a second SSD to my Linux server and had to look up how to format it and set it up, having not taken notes for the first one. These are the notes I took the second time. This is all done from the command line and the monospace text is to be typed directly – though change the identifiers if requried. sudo lshw -C disk to confirm disk is seen by the… <a href="https://akrabat.com/setting-up-a-new-hard-drive-in-linux/">continue reading</a>.]]></description>
<content:encoded><![CDATA[I recently added a second SSD to my Linux server and had to look up how to format it and set it up, having not taken notes for the first one. These are the notes I took the second time.
This is all done from the command line and the <tt>monospace</tt> text is to be typed directly – though change the identifiers if requried.
<ol>
<li><tt>sudo lshw -C disk</tt> to confirm disk is seen by the BIOS and work out it's path. In this case, it's <tt>/dev/sdb</tt></li>
<li>Partition the disk with a single partition:
<ol>
<li><tt>sudo parted /dev/sdb</tt></li>
<li><tt>mklabel gpt</tt></li>
<li><tt>unit TB</tt></li>
<li><tt>mkpart</tt>
<ul>
<li>Partition Name: <tt>primary</tt></li>
<li>File system type: <tt>ext4</tt></li>
<li>Start: <tt>0%</tt></li>
<li>End: <tt>100%</tt></li>
</ul>
</li>
<li><tt>print</tt> to check everything is correct</li>
<li><tt>quit</tt> to save and exit</li>
</ol>
</li>
<li>Format the disk:
<ol>
<li><tt>sudo mkfs -t ext4 /dev/sdb1</tt></li>
<li>(press the <return> key to create the journal)</li>
</ol>
</li>
<li>Create mount point:
<ol>
<li><tt>sudo mkdir /media/ssd2</tt></li>
</ol>
</li>
<li>Update the filesystem table:
<ol>
<li>sudo vim /etc/fstab</li>
<li>Add this line: <tt>/dev/sdb1 /media/ssd2 ext4 defaults 0 2</tt></li>
<li>Mount it now: <tt>sudo mount -a</tt></li>
</ol>
<li>Set permissions:
<ol>
<li><tt>sudo chgrp plugdev /media/ssd2</tt></li>
<li><tt>sudo chmod g+rws /media/ssd2</tt></li>
<li><tt>sudo chmod +t /media/ssd2</tt></li>
</ol>
</li>
</ol>
All done and working. I then updated by backup scripts to back this drive up to an external hard drive too.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/setting-up-a-new-hard-drive-in-linux/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Using GitHub Actions to add Go binaries to a Release</title>
<link>https://akrabat.com/using-github-actions-to-add-go-binaries-to-a-release/</link>
<comments>https://akrabat.com/using-github-actions-to-add-go-binaries-to-a-release/#comments</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 27 Feb 2024 11:00:00 +0000</pubDate>
<category><![CDATA[Development]]></category>
<category><![CDATA[Go]]></category>
<category><![CDATA[Rodeo Flickr Uploader]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6950</guid>
<description><![CDATA[Shortly after building a script to create binaries for Rodeo, my command line Flickr uploader, I realised that I could use a Github Actions workflow to run it and attach the created binaries to the Release page once I had created it. This is what I did. Trigger on release A GitHub Actions workflow is a YAML file and each workflow has to be triggered. For Continuous Integration, it's common to trigger when new PR… <a href="https://akrabat.com/using-github-actions-to-add-go-binaries-to-a-release/">continue reading</a>.]]></description>
<content:encoded><![CDATA[Shortly after building a script to create binaries for <a href="https://github.com/akrabat/rodeo">Rodeo</a>, my command line <a href="https://www.flickr.com">Flickr</a> uploader, I realised that I could use a <a href="https://github.com/features/actions">Github Actions</a> workflow to run it and attach the created binaries to the Release page once I had created it.
This is what I did.
<h2>Trigger on release</h2>
A GitHub Actions workflow is a YAML file and each workflow has to be triggered. For Continuous Integration, it's common to trigger when new PR is opened or a new commit is pushed and then run tests on the code. In this case, I want to trigger when a new release is created. 
This is done in the <tt>on</tt> section:
.github/workflows/build-release-binaries.yml
<pre lang="yaml">
name: Build Release Binaries
on:
release:
types:
- created
</pre>
GitHUb documents the list of <a href="https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows">events that trigger workflows</a> and there's many. For each event (such as <tt>release</tt>) there are a number of activity types so you can be quite selective on exactly when you want the workflow to run. In this case, I want to bulid the binaries when the release is created.
<h2>The workflow steps</h2>
I have one job which is imaginatively named <tt>build</tt>. 
<h3>Set up</h3>
Each job has a set of steps and the first few are set up ones:
<pre lang="yaml">
jobs:
build:
name: Build Release Assets
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v1
with:
go-version: 1.20
- name: Display the version of go that we have installed
run: go version
- name: Display the release tag
run: echo ${{ github.event.release.tag_name }}
</pre>
The workflow runs inside a container, so firstly we checkout the code and install Go. I then display the version of Go and the tag name to check that all is okay. This is mostly useful when something goes wrong.
<h3>Build the binaries</h3>
We already know <a href="/building-go-binaries-for-different-platforms">how to build release binaries</a>, so we can just run a script that does that:
<pre lang="yaml">
- name: Build the Rodeo executables
run: ./build-executables.sh ${{ github.event.release.tag_name }}
- name: List the Rodeo executables
run: ls -l ./release
</pre>
I've written <tt>build-executables.sh</tt> to take the version number as the first argument so that we can pass in the tag name. We then list what has been built to ensure that it is as we expect.
<h3>Upload the binaries</h3>
Finally we need to upload the binaries to the release. We use Sven-Hendrik Haase's <a href="https://github.com/svenstaro/upload-release-action">upload-release-action</a> to do this.
<pre lang="yaml">
- name: Upload the Rodeo binaries
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref }}
file: ./release/rodeo-*
file_glob: true
</pre>
A really nice feature of this action is that it can upload multiple binaries in a single step. This is incredibly useful as GitHub Actions workflows do not support looping of steps, just looping of jobs via the matrix property. Using matrix is wastegul for us as it creates a whole new container for each iteration. We do not need this as with Go one container can build all the binaries.
By setting the <tt>file_glob</tt> property to <tt>true</tt>, we can set the <tt>file</tt> property to a <a href="https://en.wikipedia.org/wiki/Glob_(programming)">glob pattern</a> and so reference all the files in the <tt>release</tt> directory. 

<h2>and done</h2>
This workflow runs automatically whenever I create a new release on GitHub, automatically building the binaries against that version of the code and attaching them so that people can download them without needing to build themselves.
Automations like this are what CI/CD pipelines are for.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/using-github-actions-to-add-go-binaries-to-a-release/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>A few thoughts on conferences</title>
<link>https://akrabat.com/a-few-thoughts-on-conferences/</link>
<comments>https://akrabat.com/a-few-thoughts-on-conferences/#respond</comments>
<dc:creator><![CDATA[Rob]]></dc:creator>
<pubDate>Tue, 20 Feb 2024 11:00:00 +0000</pubDate>
<category><![CDATA[Conferences]]></category>
<guid isPermaLink="false">https://akrabat.com/?p=6971</guid>
<description><![CDATA[Last week, I attended PHPUK 2024. This is one of the major PHP conferences and I was pleased to speak about DDD there. Sam and the team did a fantastic job this year with the videos already published. To my mind, attending a conference provides a number of benefits. The first and most obvious one is that you learn some amazing things, from people who tend to know what they are talking about. At PHPUK… <a href="https://akrabat.com/a-few-thoughts-on-conferences/">continue reading</a>.]]></description>
<content:encoded><![CDATA[Last week, I attended <a href="https://www.phpconference.co.uk">PHPUK 2024</a>. This is one of the major PHP conferences and I was pleased to speak about DDD there. Sam and the team did a fantastic job this year with the videos <a href="https://www.youtube.com/playlist?list=PL_aPVo2HeGF-xaeC3amS4xSmPisiYQxgV">already published</a>.
To my mind, attending a conference provides a number of benefits. The first and most obvious one is that you learn some amazing things, from people who tend to know what they are talking about. At PHPUK there were talks directly relevant to day-to-day development, such as testing, API development and git usage. In addition, you get the opportunity to learn new things that may not be directly applicable today, but are useful for wider understanding or future applicability. I include the talks on serverless, pair programming, and non-traditional uses of PHP from this year's conference in this category.
One thing that a conference programme provides is curation. Sure, you can go to YouTube and find things to learn, but a conference provides a constrained set that the organisers believe is relevant now. 
In addition to the content itself, there's the so-called hallway track. This is short-hand for "talking to people informally during the conference". We could also call it networking. 
<img decoding="async" src="https://akrabat.com/wp-content/uploads/2024/02/IMG_7918-web.jpg" alt="" title="IMG_7918-web.jpg" border="0" width="400" style="float:right; margin-left: 0.5em;" />
The people at a conference know things that you don't and lots of them love to talk about the conference subjects. You can learn much by asking someone what they thought about a talk and then letting the conversation grow from there. If I see a group of people chatting in a break, I'll wander over and join the circle and listen to the conversation. I'll invariably learn something. The people you meet can also become useful contacts for the future. I have met many people at conferences and by these connections, have advanced my knowledge and career.
It's hard to summon up the courage to talk to someone, but in my experience, the speakers in particular are approachable. You already have a conversation starter as you can ask them about their talk and I've found that they are always very happy to chat.
I invariably come away from a conference inspired to do better work at my day-job and also to contribute to the community scene too. The energy from like-minded people at the same event all excited about the same topic cannot be underestimated.
There are many PHP and related conferences all over the world this year and I recommend that you try to attend one. In the US, <a href="https://tek.phparch.com">php[tek]</a> is in Chicago in April, In Europe, there's Amsterdam's <a href="https://phpconference.nl">Dutch PHP Conference</a> in March and then <a href="https://phpday.it">phpday</a> in Verona in May. For UK folks, <a href="https://laravellive.uk">Laravel Live UK</a> is in London in June. This is just scratching the surface and of course there are more in the second half of the year. The PHP website has a rather useful <a href="https://www.php.net/conferences/">list of PHP conferences</a>, so check it out.
There's also tech-agnostics conferences on topics like APIs, DDD, Open Source, and so on. I also recommend considering these too. You will be exposed to different ways of thinking that you can bring back to your own projects. The value of this cross-contamination of ideas across communities cannot be underestimated.
I've also found that relatively few people spend much of their time immersed in learning online in their own time. Another clear advantage of a conference is that you have reserved time and space for learning both formally and informally. Give yourself this opportunity and take advantage it.
]]></content:encoded>
<wfw:commentRss>https://akrabat.com/a-few-thoughts-on-conferences/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=http%3A//akrabat.com/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//akrabat.com/feed/

Home · About · News · Docs · Terms