Category Archives: Uncategorized

Why can’t I create a new socket or bind to a new port in my new app on macOS?

I’m building a new app on macOS. It’s the first time I’m building in Swift (and SwiftUI) and the latest Xcode (15.2). My app requires me to use UPnP to connect to a smart device on the network. I decided to use SwiftUpnp. However, I quickly ran into a problem. The library can’t start a HTTP listener, which is a prerequisite to starting service discovery. The error was a cryptic “Couldn’t start http server on port 0. The operation couldn’t be completed. (Swifter.SocketError error 2.)”. Copilot and ChatGPT only gave a generic answer regarding not using 0 as a port. Looking deeper into the code, SwiftUPnP tries to find a free port, falling back to 0 if it fails. Something has gone wrong since there are a lot of free ports on my machine. It uses Darwin.bind to test if a port is free, however the call is always returning -1, which I guess means the port is not free. Searching up and down the Google didn’t yield much useful information.

Is it because the app is not signed? I’ve been compiling the app as an unverified developer. I know that for iOS apps, your app needs to be signed with certain entitlements for greater access to device functionality. Do you now need to do the same for macOS?

It turns out that there is now a bunch of Sandbox options for apps, which by default doesn’t let you perform incoming or outgoing connections.

Ticking those boxes solved this issue. Hopefully this will help someone in the future!

ext4 encryption, multiple filesystems and salt

Recently, I started to play around with ext4 transparent encryption. Following basic instructions from Arch Linux wiki, it was really easy to get it up and running. However, when using it with two ext4 filesystems, things get a little more complicated.

How to get the ext4 filesystem salt?

Each encryption enabled ext4 filesystem has a randomised salt. Salt is added to your key to thwart rainbow table attacks, especially with weak passwords. The salt for an ext4 filesystem is stored in the superblock and can be obtained with the dumpe2fs command:

# sudo dumpe2fs /dev/sdb2 | grep Salt
Encryption PW Salt: d24c7f08-5092-4b3a-9180-6ed8244513e8

Which key descriptor corresponds with which filesystem?

When using e4crypt add_key, you will get a separate descriptor for each mounted ext4 encryption enabled filesystem for the same password, due to different filesystems having different salt. Unfortunately it doesn’t say which descriptor was generated from which FS. However, you can determine this by providing the salt (obtained in the previous step) manually to the e4crypt command:

$ /usr/sbin/e4crypt add_key -S d24c7f08-5092-4b3a-9180-6ed8244513e8
Enter passphrase (echo disabled):
Added key with descriptor [9b9cf8b934f6d7bc]

It is important to know which key descriptor corresponds with which filesystem as if you used a descriptor with salt from filesystem 1 on filesystem 2, the descriptor will only ever be there if you add_key while filesystem 1 is mounted. Worse yet, if you reformat filesystem 1 and lose the salt, your filesystem 2 data will be gone forever.

To be safe, when you have multiple mounted filesystems with encryption, I would recommend always providing the salt when add_key.

Running shell (bash) commands in .NET Core C#

In a lot of languages and platforms, you can easily execute shell or bash commands – like using back tick for example in PHP:
[php]
`echo hello`;
[/php]

In the .NET Core world, it’s a little bit more involved – so I wrote a helper class:

[csharp]
using System;
using System.Diagnostics;

public static class ShellHelper
{
public static string Bash(this string cmd)
{
var escapedArgs = cmd.Replace("\"", "\\\"");

var process = new Process()
{
StartInfo = new ProcessStartInfo
{
FileName = "/bin/bash",
Arguments = $"-c \"{escapedArgs}\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true,
}
};

process.Start();
string result = process.StandardOutput.ReadToEnd();
process.WaitForExit();

return result;
}
}

[/csharp]

It’s an extension method, so after importing the namespace (if different), you can use it like this:

[csharp]
var output = "ps aux".Bash();
[/csharp]

output will contain the STDOUT of the result. Currently STDERR is not captured, but the above could easily be modified to do just that by changing the property RedirectStandardOutput and reading process.StandardError.

Issue with Xaml Designer – An error occurred loading this property page

So after installing Visual Studio 2015 Update 2, my Xaml Designer decided to stop working. Every time I open the designer by clicking on a xaml file, it would show an error dialog that says “Visual Studio has encountered an unexpected error.” – not very helpful. Going to the menu, Options > Xaml Designer > General property page would yield an error “An error occurred loading this property page”.

I then tried re-installing Visual Studio 2015. Same issue. I then tried opening Expression Blend, it doesn’t work, but I got a some more interesting clues – it tells me to check ActivityLog.xml – In it, there was a telling error:

SetSite failed for package [XamlDesignerPackage][This access control list is not in canonical form and therefore cannot be modified.

Basically my permissions were corrupted somewhere in some file. I had a hunch. A test by logging on to a fresh Windows user account and opening VS xaml editor confirmed that the issue was limited to my profile account. I tried remove all traces of Visual Studio from profile but removing the obvious AppData folder didn’t fix the issue. There were just too many places it hides files. As a last resort, I reset all permissions on my profile folder such that I was the owner and had write access and surprise! it works!! Now I know what to try next time.

Let’s Encrypt with Exim and Dovecot

Following my post on setting up Let’s Encrypt with nginx, I experimented with installing the certificates from letsencrypt on my mail server. It was surprisingly straightforward. The key was that the verification of the domain, which requires port 80 or port 443 to be accessible on the host of the mail server. I run a secure mail server with Dovecot and Exim. Since on the server, nothing was hosted on port 80, I used the standalone plugin that runs a temporary standalone HTTP server for letsencrypt / certbot to access:

Continue reading

HTTPS with Let’s Encrypt SSL and Nginx (using certbot)

A few days ago I enabled HTTPS and SSL/TLS on this blog. A big barrier to enabling SSL on your website is the cost of the SSL certificate and the maintenance overhead of having to constantly renew your certificate. You could already get free SSL certificates with StartSSL, but the process of obtaining the certificate is still a manual process. A few months ago Mozilla and a bunch of companies came together and created Letsencrypt, a service which issues free SSL certificates that are automatically generated with a command line tool. When set up correctly, it alleviates the need for manual intervention. As of the writing of this blog post, the service is still in beta and support for Nginx is minimal, but it’s not difficult to set up.

Continue reading

How I fixed my random Visual Studio 2015 crash

For the past few days, my newly installed Visual Studio 2015 would randomly crash, naturally at the most inconvenient of times. In the 10 odd instances I could notice no discernable pattern to the crashes. It seems to happen randomly but consistently.

2015 comes with a new feedback feature in the form of smilies. You can send Microsoft a smile or a frown. I have been sending frowns every time the crash happened. Whoever opens and reads this frown would have seen my increasingly desperate messages.

Continue reading

Bridging VirtualBox and LXC

I have a Linux box that runs both LXC and VirtualBox side by side. All the containers and VMs are set to bridge mode. Unfortunately for some reason, the VirtualBox VMs can’t talk to LXC containers. Pinging yields a response, but any TCP connection fails. Both LXC and VBox can talk to the host fine. This is how you can resolve the issue.

Continue reading