Jira Magic

For years I have struggled with JIRA filters to see only the right tickets. And while `the right ticket` means different things for different people, for me, as an individual contributor, it means the tickets that are relevant and that I have or had something to do with. The challenge comes from the fact that each JIRA instance (and project) can have quite a variety of statuses, like InProgress, In Progress, Development, In Development, Dev, DEV, etc. What makes things even worse is that a ticket can be closed with different statuses, such as Done, Won't Fix, Cancelled, just to name a few.

Today, I found my silver bullet in the form of this JIRA filter:

project in recentProjects()
AND statusCategory != Done
AND (reporter = currentUser()
  OR assignee was in (currentUser()) during (startOfDay(-14d), endOfDay()))

Now let's break apart the above query:

The first condition is essentially a place-holder in case one uses multiple projects in the same instance. I typically don't so instead of recentProjects I can substitute my current project(s) code, like ABC.

The 2nd condition will filter out all tickets that are considered 'Closed' or one of the equivalent states, like Won't Do, Done etc. The beauty of said filter is that as long as a status' category is Done it will work.

The 3rd condition is going to show tickets which were created by me. From an individual contributor's perspective these are few and far between, compared to a Product Owner who probably creates quite a few tickets each day.

The last condition will show tickets where I was the assignee at some point in the past 2 weeks, and they are still not done. That indicates that my contribution was necessary in the past. (E.g. a ticket that was developed by me, but is currently being tested by the QA or getting deployed by devops etc.) This filter is magical since tickets won't disappear from my view as long as I am not the assignee. (My contribution might be necessary again)


Configuring YubiKey with WSL 2.0

 This is a step-by-step guide on how to configure WSL 2.0 so it can work with YubiKey as the SSH/gpg client.

1. Download & Install Gpg4Win.
    a.) Reboot

2. Configure %APPDATA%\gnupg\gpg-agent.conf:


3. Configure %APPDATA%\gnupg\gpg.conf

# Avoid leaking information
export-options export-minimal

# Displays the long format of the ID of the keys and their fingerprints
keyid-format 0xlong

# Displays the validity of the keys
list-options show-uid-validity
verify-options show-uid-validity

# Limits the algorithms used
personal-cipher-preferences AES256
personal-digest-preferences SHA512
default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed

cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB

disable-cipher-algo 3DES
weak-digest SHA1

s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712

###+++--- GPGConf ---+++###

4. Configure %APPDATA%\gnupg\gpa.conf

default-key GPG-KEY-ID-40-CHAR-LONG

5. Configure %APPDATA%\gnupg\scdaemon.conf

reader-port Yubico Yubikey

6. Copy https://github.com/NZSmartie/npiperelay/releases/tag/v0.1 to %APPDATA%\npiperelay

7. Run gpg --keyserver hkps://keys.openpgp.org --recv-keys <gpg-key-id>

8. Copy https://github.com/benpye/wsl-ssh-pageant/releases/tag/20201121.2 to %APPDATA%\wsl-ssh-pageant

9. cd \ && mkdir Programs && cd Programs && mklink /J GnuPG "C:\Program Files (x86)\GnuPG"

10. Create environment variable in Windows with SSH_AUTH_SOCK = \\.\pipe\ssh-pageant

12. Ensure that gpg-connect-agent /bye runs during Windows startup

13. Configure git: set gpg.program to /mnt/c/Programs/GnuPG/bin/gpg.exe and commit.gpgSign to true


Unit testing constants?

 I have the following constants defined:

Those constants are used locally in separate parts of the code piece. (The RDS one is used in LIMIT clauses for SQL, while the commercetools one is used in a SaaS offering's API) And that's it.

We could easily limit 2000 lines on the RDS side without any problem. However, commercetools won't send back more than 500 items in a query, no matter what.

It's not the end of the world. However, in that case, the logic on the commercetools side needs to splice the input array to no larger than 500-piece chunks, make requests that way, and stitch everything back together. Doable but also avoidable if we just set both to 500.

Setting up these variables separately ensures that both classes are still isolated, etc. But what do I do with this quite important bit of information that's implicit in the setup and that has the potential to break the whole import code if ignored?

I could document it, but we all know that's the last place a developer would look - myself included.

So the real answer is: unit tests

And that is why we have this seemingly irrelevant unit test in place. The most ironic part is that no amount of tooling (like code coverage) would ever flag the need for this test. I would even venture that some tools would call out that this is a "useless" test case for two constants...

 If you have a better idea of how to solve this, let me know, please!
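
A sketch of the kind of test described above, as an added example; it is not the post's own code, whose constants and test are not shown on this page. The class, constant and function names are assumptions; the values 500 and 2000 come from the text.

```python
"""Pin an implicit coupling between two independently defined constants."""
import unittest

# From the post: commercetools never returns more than 500 items per query.
COMMERCETOOLS_HARD_CAP = 500


class RdsExporter:
    # Assumed name; the value is used in SQL LIMIT clauses.
    BATCH_LIMIT = 500


class CommercetoolsImporter:
    # Assumed name; items requested per commercetools query.
    QUERY_LIMIT = 500


def coupling_violations(rds_limit, ct_limit, hard_cap=COMMERCETOOLS_HARD_CAP):
    """Return the reasons why this pair of limits would break the import."""
    problems = []
    if ct_limit > hard_cap:
        problems.append(f"commercetools limit {ct_limit} exceeds API cap {hard_cap}")
    if rds_limit > ct_limit:
        problems.append(
            f"an RDS batch of {rds_limit} rows does not fit into one "
            f"commercetools query of at most {ct_limit} items"
        )
    return problems


class LimitCouplingTest(unittest.TestCase):
    def test_current_constants_are_compatible(self):
        found = coupling_violations(
            RdsExporter.BATCH_LIMIT, CommercetoolsImporter.QUERY_LIMIT
        )
        self.assertEqual(found, [])

    def test_raising_only_the_rds_limit_is_caught(self):
        # 2000 is the value the post says RDS alone could handle.
        self.assertEqual(len(coupling_violations(2000, 500)), 1)


if __name__ == "__main__":
    unittest.main()
```

The failure message names both constants, so whoever raises one limit learns about the other from the test run rather than from a broken import.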


Schedule Full Windows Defender Scan

In the organization where I work, there is a BYOD policy. However, a corporate policy enforcer application, called OPSWAT, needs to be installed on one's own device. The organization's policy is configured so that if a Full Windows Defender Scan isn't performed within a week - the trust in Windows Defender is admirable - then connection to corporate resources is blocked. Now running a full scan periodically is tedious (Start menu > Windows Security > Virus & threat protection > Scan options > Full scan, Scan now).

Instead I opted to automate the full scan. As it turns out, Windows' own Task Scheduler comes with a template which one only needs to tweak a little. So go to the Start menu, then type in Task. Open Task Scheduler and go down to Task Scheduler Library > Microsoft > Windows > Windows Defender > Windows Defender Scheduled Scan. The only problem is that the predefined job is only for a Quick scan, not a full one.

First we need to modify the actual command which needs to be executed. The program itself is correct, however the arguments should say Scan -ScanType 2 (where 2 stands for a full scan). No other arguments are needed.

The other bit is the trigger. Since I am running my Windows instance in a VM, I opted for a daily scheduled run. If you need to do this on your main machine, then I'd recommend setting up a less frequent schedule. (Since it's a VM, it only has files which are strictly necessary for my work, hence the runtime is below 5m. YMMV)

One last tip: Sometimes Windows Defender exits with an error code (0x2 was the most common) when only the above two options are set. It happened to me as well. Once I changed the user from SYSTEM into my local admin one, this error went away. I am not sure if this is the correct solution, but it is most certainly a viable workaround.


YubiKey and GPG: How to add a new e-mail to an existing key

So the recommendation for storing GPG keys with YubiKey is to:

  • Store public keys on the GPG key chain
  • Store the private sub-keys on YubiKey
  • Store the private key offline, in a separate storage location

Hence, in order to edit the master key, one first needs to import the master key back:

gpg --import /path/to/offline/master/key/MASTERKEY.priv.asc
gpg --edit-key MASTERKEY
    adduid # Fill out form
    uid n # where n is the new uid number
    primary # To set the new e-mail as the primary e-mail address for the key
    save # Write the changes to the key ring and leave the edit prompt

This will add the new identity to the existing GPG key. Now the only thing left is to export the new version of the public information (along with the private keys for good measure).

gpg -a --export MASTERKEY > /path/to/offline/master/key/MASTERKEY.pub.asc
gpg -a --export-secret-key MASTERKEY > /path/to/offline/master/key/MASTERKEY.priv.asc
gpg -a --export-secret-subkeys MASTERKEY > /path/to/offline/master/key/MASTERKEY.priv-sub.asc

Now that everything is in a safe place once again, we shall remove the private keys from the machine (and keep using YubiKey whenever they're needed). That can be done by deleting the private keys plus invoking a simple card-edit.

gpg --delete-secret-key MASTERKEY
gpg --card-edit

You'll know that you're successful if you see the # in front of the master key (indicating that the private key is unknown) and the > in front of the ssb entries (indicating that the private keys are stubs on the machine and that the actual keys are stored on your YubiKey).

sec#  rsa4096/0xAAAAAAAAAAAAAAAA 2018-07-15 [C] [expires: 2020-06-16]
      Key fingerprint = DDDD AAAA 9999 7777 6666  EEEE 8888 1111 0000 1111
uid                   [ultimate] John Smith <jsmith@corp1.com>
uid                   [ultimate] John Smith <john.smith@corporation.com>
uid                   [ultimate] John Smith <john_smith4@company.com>
ssb>  rsa2048/0xBBBBBBBBBBBBBBBB 2018-07-15 [E] [expires: 2020-06-16]
ssb>  rsa2048/0xCCCCCCCCCCCCCCCC 2018-07-15 [S] [expires: 2020-06-16]
ssb>  rsa2048/0xDDDDDDDDDDDDDDDD 2018-07-15 [A] [expires: 2020-06-16]
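
The check described above can be automated. The following is an added example, not part of the original post: it reads a listing in the format shown above (as printed by gpg --list-secret-keys) and reports any key whose secret material is not where the recommendation wants it. The function name and the sample listings are constructed for illustration.

```python
import re

# Marker directly after "sec"/"ssb" in gpg's secret-key listing:
#   "#" secret key not available, ">" stub for a key held on a smartcard,
#   no marker: the secret key material is stored on this machine.
KEY_LINE = re.compile(r"^(sec|ssb)([#>]?)\s+(\S+)")


def audit_secret_listing(listing):
    """Return findings; an empty list means primary offline, subkeys on card."""
    findings, saw_primary = [], False
    for line in listing.splitlines():
        match = KEY_LINE.match(line)
        if match is None:
            continue  # uid, fingerprint and blank lines
        kind, marker, key = match.groups()
        if kind == "sec":
            saw_primary = True
            if marker == "":
                findings.append(f"{key}: primary secret key is stored on this machine")
            elif marker == ">":
                findings.append(f"{key}: primary key is on a card, not offline")
        elif marker == "":
            findings.append(f"{key}: subkey secret is on disk, not on the YubiKey")
        elif marker == "#":
            findings.append(f"{key}: subkey has no secret key or card stub")
    if not saw_primary:
        findings.append("no 'sec' line found; is this a secret-key listing?")
    return findings


# Constructed sample inputs, modelled on the listing above.
GOOD = """\
sec#  rsa4096/0xAAAAAAAAAAAAAAAA 2018-07-15 [C] [expires: 2020-06-16]
uid                   [ultimate] John Smith <jsmith@corp1.com>
ssb>  rsa2048/0xBBBBBBBBBBBBBBBB 2018-07-15 [E] [expires: 2020-06-16]
ssb>  rsa2048/0xCCCCCCCCCCCCCCCC 2018-07-15 [S] [expires: 2020-06-16]
"""
# The same key right after the import step: everything is still on disk.
BAD = GOOD.replace("sec#", "sec ").replace("ssb>", "ssb ")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_secret_listing(text) or "ok")
```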


Configuring YubiKey Touch


ykman openpgp info
ykman openpgp set-touch aut on # or off
ykman openpgp set-touch sig on # or off
ykman openpgp set-touch enc on # or off


Moving "Wide audience" to BCC

 At the company where I work there is a great collaborative culture, and I love that. As part of this culture, we have large Outlook distribution lists (DLs) with hundreds or even thousands of employees being a member. And some of these memberships are mandatory, such as "Everyone" or "ORG-Unit-X" etc.

Now the perk of this is that if you need help, you can send out an e-mail to let's say "All-PMS-In-The-Universe" with your question, and chances are you'll get an answer. And this is great. And our corporate policy is to put the DL into BCC, so we can avoid spamming the rest of the DL who's not interested. (If the DL goes accidentally into TO or CC people usually have the decency to delete the DL after hitting reply-all)

But, sometimes people forget and you'll end up getting a ton of uninteresting messages. Now every once in a while these messages will start spamming your inbox. People sometimes step in and sacrifice themselves by moving the DL into BCC and sending it out, but again, chances are they're also disinterested, but they're willing to take one for the team. Which is a great thing to do, but completely unnecessary.

In Outlook, when you compose an e-mail you have the option to specify an alternative e-mail address that will receive the reply instead of yours. Simply provide the e-mail address of the original sender there, and call it a day. That way you'll stop getting the spam as well.