Jira Magic

 For years now I was struggling with JIRA filters to only see the right tickets. And while `the right ticket` means different things for different people, for me, as an individual contributor, I would like to see the tickets that are relevant and I have or had something to do with them. The challenge comes from the fact that each JIRA instance (and project) can have quite a variety of statuses, like InProgress, In Progress, Development, In Development, Dev, DEV, etc. What makes things even worse is that a ticket can be closed with different statuses, such as Done, Won't Fix, Cancelled just to name a few.

Today, I found my silver bullet in the form of this JIRA filter:

project in recentProjects()
AND
statusCategory != Done 
AND
(reporter = currentUser()
OR
assignee was in (currentUser()) during(startOfDay(-14d), endOfDay()) )
ORDER BY created DESC

Now let's break apart the above query:

The first condition is essentially a place-holder in case one uses multiple projects in the same instance. I typically don't so instead of recentProjects I can substitute my current project(s) code, like ABC.

The 2nd condition will filter out all tickets that are considered 'Closed' or one of the equivalent states, like Won't Do, Done etc. The beauty of said filter is that as long as a status' category is Done it will work.

The 3rd condition is going to show tickets which were created by me. From an Induvidual Contribution perspective these are few and far between, compared to a Product Owner who probably creates quite a few tickets each day.

The last condition will show tickets where I was the assignee at some point in the past 2 weeks, and they are still not done. That indicates that my contribution was necessary in the past. (E.g. a ticket that was developed by me, but is currently being tested by the QA or getting deployed by devops etc.) This filter is magical since tickets won't disappear from my view as long as I am not the assignee. (My contribution might be necessary again)

Configuring YubiKey with WSL 2.0

 This is a step-by-step guide on how to configure WSL 2.0 so it can work with YubiKey as the SSH/gpg client.

1. Download & Install Gpg4Win.
    a.) Reboot

2. Configure %APPDATA%\gnugp\gpg-agent.conf:

enable-ssh-support

enable-putty-support

3. Configure %APPDATA%\gnugp\gpg.conf

# Avoid information leaked

no-emit-version

no-comments

export-options export-minimal

# Displays the long format of the ID of the keys and their fingerprints

keyid-format 0xlong

with-fingerprint

# Displays the validity of the keys

list-options show-uid-validity

verify-options show-uid-validity

# Limits the algorithms used

personal-cipher-preferences AES256

personal-digest-preferences SHA512

default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed

cipher-algo AES256

digest-algo SHA512

cert-digest-algo SHA512

compress-algo ZLIB

disable-cipher-algo 3DES

weak-digest SHA1

s2k-cipher-algo AES256

s2k-digest-algo SHA512

s2k-mode 3

s2k-count 65011712

###+++--- GPGConf ---+++###

utf8-strings

4. Configure %APPDATA%\gnugp\gpa.conf

default-key GPG-KEY-ID-40-CHAR-LONG

5. Configure %APPDATA%\gnugp\scdaemon.conf

reader-port Yubico Yubikey

6. Copy https://github.com/NZSmartie/npiperelay/releases/tag/v0.1 to %APPDATA%\npiperelay

7. Run gpg --keyserver hkps://keys.openpgp.org --recv-keys <gpg-key-id>

8. Copy https://github.com/benpye/wsl-ssh-pageant/releases/tag20201121.2 to %APPDATA%\wsl-ssh-pageant

9. cd \ && mkdir Programs && cd Programs && mklink /J GnuPG "C:\Program Files (x86)\GnuPG"

10. Create environment variable in Windows with SSH_AUTH_SOCK = \\.\pipe\ssh-pageant

11. Follow Script instructions from: https://gist.github.com/Hegi/d7f4a1cdd91a2ae82e6f2abc7c2842ff

12. Ensure that gpg-connect-agent /bye runs during windows startup

13. configure git and set gpg.program to /mnt/c/Programs/GnuPG/bin/gpg.exe and commit.gpgSign to true

Unit testing constants?

 I have the following constants defined:

Those constants are used locally in separate parts of the code piece. (The RDS one is used in LIMIT clauses for SQL, while the commercetools one is used in a SaaS offering's API) And that's it.

We could easily limit 2000 lines on the RDS side without any problem. However, commercetools won't send back more than 500 items in a query, no matter what.

It's not the end of the world. However, in that case, the logic on the commercetools side needs to splice the input array to no larger than 500-piece chunks, make requests that way, and stitch everything back together. Doable but also avoidable if we just set both to 500.

Setting up these variables separately ensures that both classes are still isolated, etc. But what do I do with this quite important bit of information that's implicit in the setup and that has the potential to break the whole import code if ignored?

I could document it, but we all know that's the last place a developer would look for - myself included.

So the real answer is: unit tests

And that is why we have this seemingly irrelevant unit test in place. The most ironic part is that no amount of tooling (like code coverage) would ever flag the need for this test. I would even venture that some tools would call out that this is a "useless" test case for two constants...

 If you have a better idea of how to solve this, let me know, please!

Schedule Full Windows Defender Scan

 In the organization where I work, there is a BYOD policy. However one's own device needs to install a corporate policy enforcer application, called OPSWAT. Organization policy is configured that if a Full Windows Defender Scan isn't performed within a week - the trust in Windows Defender is admirable - then connection to corporate resources is blocked. Now running a full scan periodically is tedious (Start menu > Windows Security > Virus & threat protection > Scan options > Full scan, Scan now).

Instead I opted to automate the full scan. As it turns out Windows' own Task scheduler is prepared with a template which one only needs to tweak a little. So go to Start Menu, then type in Task. Go into task scheduler and go down in Task Scheduler Library > Microsoft > Windows > Windows Defender > Windows Defender Scheduled Scan. The only problem is, that the predefined job is only for Quick scan, not a full one.

First we need to modify the actual command which needs to be executed. The program itself is correct, however the arguments should say Scan -ScanType 2. (Where 2 stands for global scan) No other arguments are needed.

The other bit is the trigger. Since I am running my Windows instance in a VM, I opted for a daily scheduled run. If you need to do this on your main machine, then I'd recommend to set the schedule up a less frequent scan. (Since it's a VM, it only has files which are strictly necessary for my work, hence the runtime is below 5m. YMMW)

One last tip: Sometimes Windows defender exits with an error code (0x2 was the most common) when only the above two options are set. It happened to me as well. Once I changed the user from SYSTEM into my local admin one, this error went away. I am not sure if this is the correct solution, but it is most certainly a viable workaround.

YubiKey and GPG: How to add a new e-mail to an existing key

So the recommendation for storing GPG keys with YubiKey is to:

• Store public keys on the GPG key chain
• Store the private sub-keys on YubiKey
• Store the private key offline, in a separate storage location

Hence, in order to edit the master key one first needs to import the master key back:

gpg --import /path/to/offline/master/key/MASTERKEY.priv.asc

gpg --edit-key MASTERKEY

    adduid # Fill out form

    uid n # where n is the new uid number

    primary # To set the new e-mail as the primary e-mail address for the key

    save

This will add the new identity to the existing GPG key. Now the only thing left is to export the new version of the public information (along with the private keys for good measure)

gpg -a --export MASTERKEY > /path/to/offline/master/key/MASTERKEY.pub.asc

gpg -a --export-secret-key MASTERKEY > /path/to/offline/master/key/MASTERKEY.priv.asc

gpg -a --export-secret-subkeys MASTERKEY > /path/to/offline/master/key/MASTERKEY.priv-sub.asc

Now that everything is at a safe place once again, we shall remove the private keys from the machine (and keep using YubiKey whenever they're needed). That can be done by deleting the private keys plus invoking a simple card-edit.

gpg --delete-secret-key MASTERKEY

gpg --card-edit

You'll know that you're successful if you see the # in front of the master key (indicating that the private key is uknown) and the > in front of the ssb entries (indicating that the private keys are stups on the machine and that the actual keys are stored on your YubiKey)

sec#  rsa4096/0xAAAAAAAAAAAAAAAA 2018-07-15 [C] [expires: 2020-06-16]

      Key fingerprint = DDDD AAAA 9999 7777 6666  EEEE 8888 1111 0000 1111

uid                   [ultimate] John Smith <jsmith@corp1.com>

uid                   [ultimate] John Smith <john.smith@corporation.com>

uid                   [ultimate] John Smith <john_smith4@company.com>

ssb>  rsa2048/0xBBBBBBBBBBBBBBBB 2018-07-15 [E] [expires: 2020-06-16]

ssb>  rsa2048/0xCCCCCCCCCCCCCCCC 2018-07-15 [S] [expires: 2020-06-16]

ssb>  rsa2048/0xDDDDDDDDDDDDDDDD 2018-07-15 [A] [expires: 2020-06-16]

Configuring Yubikey Touch

 Steps:

• Download Yubikey Manager
• Use the following commands to check the status:

ykman openpgp info

ykman openpgp set-touch aut on # or off

ykman openpgp set-touch sig on # or off

ykman openpgp set-touch enc on # or off

src: https://github.com/drduh/YubiKey-Guide#require-touch

Moving "Wide audience" to BCC

 At the company where I work there is a great collaborative culture, and I love that. As part of this culture, we have large Outlook distribution lists (DLs) with hundreds or even thousands of employees being a member. And some of these memberships are mandatory, such as "Everyone" or "ORG-Unit-X" etc.

Now the perk of this is that if you need help, you can send out an e-mail to let's say "All-PMS-In-The-Universe" with your question, and chances are you'll get an answer. And this is great. And our corporate policy is to put the DL into BCC, so we can avoid spamming the rest of the DL who's not interested. (If the DL goes accidentally into TO or CC people usually have the decency to delete the DL after hitting reply-all)

But, sometimes people forget and you'll end up getting a ton of uninteresting messages. Now every once in a while these messages will start spamming your inbox. People sometimes step in and sacrifice themselves by moving the DL into BCC and sending it out, but again, chances are they're also disinterested, but they're willing to take one for the team. Which is a great thing to do, but completely unnecessary.

In Outlook, when you compose an e-mail you have the option to specify an alternative e-mail address that will receive the reply instead of your. Simply provide there the e-mail address of the original sender, and call it a day. That way you'll stop getting the spam as well.