Blog

We offer the articles below in the hope that they will be useful, but we cannot accept liability for any problems caused by the instructions that they contain. If you have a problem, question or feedback relating to one of our articles, please post a comment so that other readers can benefit. We regularly review comments and reply or update the articles, to ensure their continued usefulness. All articles are provided free, without any advertising or tracking, for the benefit of the technical community.

If you require paid commercial support, please contact us for assistance.

How to fix "Failing ping: socket: Operation not permitted" in Docker container running Uptime Kuma

Since 2023 I've been using Monit running on an old laptop to ping devices on the campus network. If something important goes offline (e.g. a switch or an IP phone) it sends me an email, and it also provides a web interface where my colleagues can see the status to support troubleshooting when I'm unavailable.

Differences in inter-sheet references between Microsoft Excel and LibreOffice Calc

Today’s post is about a bit of a niche issue! Recently I was working on a PHP site that generates spreadsheets in Excel 2007+’s .xlsx format. For years we’ve been using PhpSpreadsheet to generate the spreadsheets. Since I don’t use Microsoft Office, I usually test them using LibreOffice. All seemed well, but in user acceptance testing, users told me that they were getting the following warning when they opened one of the spreadsheets in Excel:

We found a problem with some content in '<filename>.xlsx'. Do you want us to try to recover as much as we can? If you trust the source of this workbook, click Yes.

Prevent false positives for PostgreSQL in chkrootkit and rkhunter

In its default configuration on recent versions of Debian, PostgreSQL creates shared memory segment files in /dev/shm/. Common rootkit detection software such as chkrootkit or rkhunter flags these as potential indicators of infection. The file names are randomly generated, which makes filtering them out a little tricky. Here’s how to avoid the system flagging them up as false positives.

Preventing cross-site scripting in mixed PHP/JavaScript

In my security work, I spend a large proportion of my time making sure that user input is properly escaped. This is essential to prevent SQL injection and cross-site scripting (XSS) attacks. Thanks to prepared statements, SQL injection is easy to avoid*, even in old code bases. Unfortunately XSS can be more difficult to catch when dealing with PHP. This is due to the potential mix of single quotes, double quotes, backticks, PHP syntax, JavaScript syntax, and HTML syntax.

Prepopulate username field on web app login pages

Often I need to access several web apps running on the same hostname, with different usernames. For example, I might need to access webmail, phpMyAdmin, and a wiki all on https://dev.example.com/. For convenience, I usually save the login details in the web browser, but if there are multiple different usernames on the same host then the browser doesn’t know which one to automatically populate into the login field. However, if each login page itself prepopulates the username, the browser is then able to prepopulate the saved password as well.

Updating Spotify apt key

If you’re using the native desktop Spotify client on Debian or Ubuntu, you may have noticed that they don’t seem to have figured out how to rotate their apt signing keys automatically. This means that apt updates will periodically fail with the following message:

GPG error: http://repository.spotify.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABCDEF1234567890
The repository 'http://repository.spotify.com stable InRelease' is not signed.