Activity for Gaetano Giunta
-
Gaetano Giunta posted a review on Barcodepack
-
Ok, thanks for the insight. Keep up the good work :-)
-
PS: I must admit that I've been using KeePass 1 and 2, and they never crashed on me once :-D
-
Hello. Excuse my ignorance on the matter - maybe this is already implemented, or it makes no sense whatsoever for keepass - I might look like an incompetent fool with this proposal. However, here it is: I have recently been working on an application (server-side, written in php) for the developer of VeraCrypt, designed to gather anonymised data of crash reports such as program version info, stack trace, etc. The app has not yet been put online, but it is basically complete. It is quite simple, with,...
-
@idrassi I have created a new branch which changes the interaction between VC and the CC: - GET is used by default instead of POST - if there are errors in the data, an html page is shown instead of a plaintext one - the names of the query string args are the same as in the existing VC code - the php code takes care of decoding the custom format used by VC to send call stack data See: https://github.com/veracrypt/VeraCrypt-CrashCollector/compare/master...gggeek:gg/fix-interactin-with-vc?expand=1...
-
Honestly, this goes beyond what I expected for this feature and it is evolving into a dedicated project for reusable crash reporting. Indeed, I am also surprised at how much code had to be written to achieve the required functionality :-D On one hand, I might have avoided putting in all the extension points and layers and flexibility; on the other hand, I had more free time than planned, and indeed it would be nice if this ended up being used by other projects too! Given the call stack example, I...
-
Yes, filling out the form is all that is needed. You might have to specify the names of all the collaborators you are asking licenses for, and mention the fact that there are more than one github repo involved. Getting the licenses is not a given though - they used to be much more liberal about it, but have tightened the rules over time. Human examination of the submission is involved. Licenses have to be renew every year (maybe it is 6 months now?) by basically sending an email, and they might not...
-
Hello hello. I messed up a bit with GitHub, and the currently open PR has been updated with the tip of my development branch. i.e. it has all functionality atm. Apart from adding tests, this is a list of possible improvements and new features which I'd like to discuss: 1. adding a pepper in the password hasher config - it is recommended by owasp best practices 2. also: set min. length for passwords / maybe other rules? 3. also: should we make user email unique? (it helps with the forgotpassword logic)...
-
@idrassi side question: do you have already free licenses from Jetbrains for VeraCrypt? If not, I'm happy to request licenses for CLion and PHPStorm / the complete toolbox (the request form is at https://www.jetbrains.com/shop/eform/opensource )
-
The rate-limiting code is now ready, based on usage of Redis, in a dedicated branch in my own fork. I have written some details in the comments of the currently open PR.
-
Hello hello. I started looking at the implementation of the rate-limiting logic. Even if we can hope that irl most users will not hit VC crashes frequently, the goal of the rate-limiter is to sustain (and prevent) massive concurrent accesses. In order to keep track of the number-of-requests-per-time-window from a given "user" (which we'd identify by client IP, I presume), a data store which supports high-concurrency updates is necessary. As far as I am aware, sqlite is not quite designed for that...
-
Hello. I'm not dead! Just been a bit busier than expected. Here's the 1st commit - https://github.com/gggeek/VeraCrypt-CrashCollector/tree/gg/devel. A PR is likely within 1-2 weeks max
-
Forked. I see a link to the contributing guidelines, but there's no such doc yet. Do you have it available somewhere?
-
To be honest, I'd rather go either with the Symfony Microkernel Trait, or, maybe better, with plain old everything-from-scratch php. It's not that I have a grudge with Slim, but, given the requirements so far, I see little value in using micro-frameworks, as routing will be extremely simple, dependency injection too, and configuration management reduced to wrapping access to a few env vars. As for logging, a simple class implementing psr/log can do. I'd go for PDO for accessing the DB, trying to...
-
To be honest, I'd rather go either with the Symfony Microkernel Trait, or, maybe better, with plain old everything-from-scratch php. It's not that I have a grudge with Slim, but, given the requirements so far, I see little value in using micro-frameworks, as routing will be extremely simple, dependency injection too, and configuration management reduced to wrapping access a few env vars. As for logging, a simple class implementing psr/log can do. I'd go for PDO for accessing the DB, trying to keep...
-
Another question: is it worth investing time in the investigation of existing projects/libraries which might implement this, or is it desirable to keep the external code to a minimum, and have it fully built in-house (eg. for auditability purposes)?
-
I moved the discussion about crash reporting to https://sourceforge.net/p/veracrypt/discussion/technical/thread/56cbb1c443/
-
@idrassi first round of questions: hosting. Who provides for that? authentication of the people who will be able to access the data. I imagine that the data will not be made available to the general public, but a team of developers will have access, with a subset being the maintainers. How do we manage authentication/authorization? interface for searching over the collected data: I'd think that a simple web page allowing to filter over each field, possibly using wildcards would be enough. Or should...
-
(the original thread where this started can be found at https://sourceforge.net/p/veracrypt/discussion/general/thread/3903ea9e97/) As requested by @idrassi, a system should be implemented, that collects VC crash reports and makes them available for usage by the developer team. The requirements are loosely defined as: "What is needed is a webpage (in PHP, for example) that would gather this information and store it in a database in a usable format. An admin interface should allow exploration of the...
-
(the original thread where this started can be found at https://sourceforge.net/p/veracrypt/discussion/general/thread/3903ea9e97/) As requested by @idrassi, a system should be implemented, that collects VC crash reports and makes them available for usage by the developer team. The requirements are loosely defined as: "What is needed is a webpage (in PHP, for example) that would gather this information and store it in a database in a usable format. An admin interface should allow exploration of the...
-
@idrassi indeed that sounds like something I could tackle. I'd start out with a discussion about the hosting infrastructure and the security / privacy implications of the data storage. Is that something ok for a forum discussion, or better to go for a chat or conf call?
-
Hi. I'd be happy to contribute some of my time, but I'm not sure where to start / what i could pick up. I consider myself versed in IT security, but have been working only in the website space for the last 15 years or so - coding mostly in php, with a bit of python/js/java thrown in. Never done any proper crypto. Run Win10 on my own rig. Proficient in italian/english/french. Sorry for spamming this thread ;-)
-
Thanks!
-
It is set to 250%. Note that I do have 2 monitors in use, with very different DPI
-
another screenshot
-
Replace strip broken - can not insert replacement text
-
Thanks, really cool. However, I only have one physical disk drive on my laptop. I think I have read that wsl atm only allows mounting linux "drives", not partitions. Would the schema you propose work with the veracrypt partition sitting next to, say, the currently active windows partition and a linux partition, all on the same disk?
-
Wrong encoding of latin-1 characters in range 200 - 209
-
Status update: for now, I went with embedding in my app the single-file version of Adminer, along with a couple of plugins. As an enhancement, I'm thinking to add in the future a php/shell script to run automatically on exection of composer update (a post-update script) to check if a new version of adminer is available and if so to download and install it automatically... In the meanwhile, I do keep around the source-code version as well, installed via composer, as it is useful for troubleshooting...
-
ps: nevermind. When adding the sql-server cliient to php, besides pdo the mssql extension is also built by default. As soon as I neabled it in php.ini, Adminer allowed me to connect.
-
I recently downloaded the MS SQL Server client on Linux for SqlServer 2017 and 2019. The php extension which got built by default is pdo_sqlsrv (I think I could build the odbc driver, but I see no reason to bother). Would it make sense for me to send a PR adding support for the php extension pdo_sqlsrv to connect to MS SQL ?
-
I recently downloaded the MS SQL Server client on Linux for SLqServer 2017 and 2019. The php extension which got built by default is pdo_sqlsrv (I think I could build the odbc driver, but I see no reason to bother). Would it make sense for me to send a PR adding support for the php extension pdo_sqlsrv to connect to MS SQL ?
-
Hello I am the developer behind a multi-database-sql-testing tool: https://github.com/gggeek/db-3v4l Although it is still pretty rough, it is now at the point where it could benefit from having some kind of GUI. Since I am a great fan of Adminer, I thought I would incorporate it as part of the web interface. I have started looking at the existing Adminer plugins, and it seems that by making make use of some of them, I could achieve the level of customisation that I want (eg. customizing the list...
-
Altra nota: mi sembra che l'esmpio di chiamata che si trova alla pagina https://tdocs.wubook.net/wired/intro.html#data-types-and-xml-representations per il php non sia a prova di proiettile, poiche' manca la verifica che la risposta ricevuta non sia di tipo errore. Una versione migliore sarebbe: <?php include("xmlrpc.inc"); $server = new xmlrpc_client($url); $args = array(new xmlrpcval($user, 'string'), new xmlrpcval($pass, 'string'), new xmlrpcval($pkey, 'string')); $message = new xmlrpcmsg('acquire_token',...
-
PS: per vedere l'xml prodotto, senza tentare di contattare il server, basta fare: $args = array(...); $message = new xmlrpcmsg('update_avail', $args); var_dump($message->serialize());
-
Need help for xmlrpc array of rooms
-
Need help for xmlrpc array of rooms
-
Allora: 1- penso ci sia ancora un errore nel codice mostrato, quello corretto dorebbe essere: $args = array( new xmlrpcval(1511561.3212, 'string'), new xmlrpcval('1852', 'int'), new xmlrpcval('16/09/2018', 'string'), php_xmlrpc_encode($roomdays) ); 2- il modo migliore per debuggare la comunicazione col server e vedere se l'encoding dei paramteri ha funzionato come atteso e' utilizzare il metodo setDebug della classe xmlrpc_client, pe: $client = new xlmlrpc_client(...); $client->setDebug(2); $args...
-
PPS: not too important, but this project has moved to github, and all tickets should be opened there going forward...
-
Hello Daniele. The error in your code is that you assume that the construct "new xmlrpcval($roomdays, 'array')" will work on an arbitrarily nested php array. It will not: the constructor for your xmlrpcval object assumes that $roomdays is an array of values which are pre-encoded xmlrpcvals themselves, eg: new xmlrpcval(array('id' => new xmlrpcval(12, 'int'), ...)) This forces you to write the code so that the xmlrpc values are built in a specific order, and can be tedious or constraining. The easy...
-
i8 type not supported
-
Implemented!
-
Support for i8 64 bits integer
-
Less than 10 years in the making... and support for i8 has been merged!
-
Sorry, I will not reply any more on this forum. Please do as advised, and move the...
-
Can you please open the ticket on github? The project is not using sourceforge anymore...
-
- add shutdown notice
-
PHPXMLRPC goes to github
-
PHPXMLRPC goes to github
1
