When setting up EdgeOS with PPPoE (Centurylink) with Hairpin NAT, ensure that the Port Forward Source on the LAN interface is switch0, even if eth1 is the only one being used. Not sure what switch0 means (one would think it is the combination of eth1-4), but this appears to have fixed an issue with not allowing access to custom (>1024) ports.

When trying to do a git clone on a new installation of git behind a corporate firewall (with MITM on SSL), I got this error:
# git clone https://github.com/zptaylor/public-repo.git
Cloning into 'public-repo'...
fatal: unable to access 'https://github.com/zptaylor/public-repo.git/': SSL certificate problem: self signed certificate in certificate chain

First I tried switching the backend to schannel, but that threw a different error:
# git config --global http.sslbackend schannel
# git clone https://github.com/zptaylor/public-repo.git
Cloning into 'public-repo'...
fatal: unable to access 'https://github.com/zptaylor/public-repo.git/': schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.

Of course, SSL validation cannot succeed here because the certificate chain the MITM presents is, for all intents and purposes, invalid as far as Git is concerned. The easiest workaround is to turn verification off, although this completely eliminates HTTPS verification:
# git config --global http.sslbackend openssl
# git config --global http.sslVerify false

A similar workaround that breaks security, but for schannel (it turns off the certificate revocation check):
# git config --global http.schannelCheckRevoke "false"
# git config --global http.sslbackend schannel

A more precise fix that would allow SSL would be to use openssl, create some sort of trust store of valid certs, and then add the MITM’s cert for github.com in its place. I think these fixes are reasonable for a developer machine that is on a controlled network that could not possibly allow github.com to be spoofed.
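
The trust-store approach described above, sketched as an added example (not from the original post): it appends the corporate inspection CA to a base CA bundle and scopes Git's http.sslCAInfo to github.com, so verification stays on. The function names and all file paths are placeholders, and it assumes the CA certificate is a PEM file obtained from whoever runs the proxy.

```shell
#!/bin/sh
# Added example: build a CA bundle that includes the corporate inspection CA
# and point Git at it, so verification stays on. All paths are placeholders.

# Number of PEM certificates in a file (prints 0 if there are none).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# build_bundle BASE CORP_CA OUT: write OUT = BASE followed by CORP_CA.
# CORP_CA must hold exactly one certificate, exported from the corporate PKI
# (assumption: it comes from IT, not from the intercepted connection).
build_bundle() {
    base=$1; corp=$2; out=$3
    [ -r "$base" ] && [ -r "$corp" ] || { echo "unreadable input" >&2; return 1; }
    if [ "$(count_certs "$corp")" -ne 1 ]; then
        echo "expected exactly one PEM certificate in $corp" >&2
        return 2
    fi
    # Write to a temp file first so a failed run never leaves a partial bundle.
    { cat "$base"; echo; cat "$corp"; } > "$out.tmp" && mv "$out.tmp" "$out"
}

# configure_git BUNDLE [CONFIG_FILE]: use the bundle for github.com only and
# drop any earlier "http.sslVerify false". Defaults to the --global config.
configure_git() {
    bundle=$1
    if [ -n "${2:-}" ]; then set -- --file "$2"; else set -- --global; fi
    git config "$@" http.sslBackend openssl &&
    git config "$@" http.https://github.com/.sslCAInfo "$bundle" || return 1
    git config "$@" --unset-all http.sslVerify 2>/dev/null || true
}
```

Typical use is build_bundle with Git's own CA bundle as BASE, followed by configure_git on the result; http.sslCAInfo replaces the default bundle rather than adding to it, which is why the base certificates are kept.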

Read up more at
https://stackoverflow.com/questions/45556189/git-the-revocation-function-was-unable-to-check-revocation-for-the-certificate
https://github.com/desktop/desktop/blob/development/docs/known-issues.md#certificate-revocation-check-fails---3326
https://github.com/microsoft/Git-Credential-Manager-for-Windows/issues/646

To delete a database that has been set as Offline, you first have to bring it back online, and then drop it, like so:

EXEC rdsadmin.dbo.rds_set_database_online N'YOUR-DATABASE-HERE'
EXECUTE msdb.dbo.rds_drop_database N'YOUR-DATABASE-HERE'

If you have problems, you may try renaming the database and trying again:

EXEC rdsadmin.dbo.rds_modify_db_name N'YOUR-DATABASE-HERE', N'DeleteMe'

If none of these work, you may not have the correct permissions, which could require resetting your master password — see the AWS documentation for that.

If this error occurs when you are on a Corporate VPN, where browser traffic is captured by a MITM (Man-In-The-Middle), you may need to change any or all of these settings in the Firefox about:config page:
security.tls.hello_downgrade_check = false (this should definitely fix it)
security.tls.version.max = 3 (this should definitely fix it)
security.osclientcerts.autoload = true (this might fix it if it is OS cert-related)

This may occur because the security device is incapable of providing valid TLS 1.3 HELLO messaging. Setting security.tls.version.max to 3 caps Firefox at TLS 1.2.

Tomcat 9 needs the WorkingDirectory specified in the Systemd service in order to work. Without it, the service will start but never completely load!

To use, put this in /etc/systemd/system/tomcat.service and install the service as usual.


[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
After=systemd-user-sessions.service
After=network-online.target

[Service]
User=tomcat
Group=tomcat
Type=forking
WorkingDirectory=/app/XXX/bin
ExecStart=/bin/bash /app/XXX/bin/catalina.sh start
ExecStop=/bin/bash /app/XXX/bin/catalina.sh stop

[Install]
WantedBy=multi-user.target

#Requires -RunAsAdministrator
## SetWifiDNS.ps1
## Gets the IP details of the "wifi" net adapter; if the address is in 192.168.0.x, it sets 192.168.0.2 as the first DNS server;
## otherwise it will just reset the DNS!!
## Needs error handling

$currentDir = (Get-Item -Path ".\").FullName + "\"
$wifiPrivateSubnet = "192.168.0."
# -ServerAddresses takes a string array, one element per DNS server
$wifiPrivateDNS = @("192.168.0.2", "1.1.1.1", "1.0.0.1", "8.8.8.8")
$wifiName = "wifi"
$wifiIp = Get-NetIPConfiguration -InterfaceAlias $wifiName | Select-Object IPv4Address, InterfaceAlias

# Details for logging
$LogPath = $currentDir
$LogFile = $LogPath + "SetWifiDNS.log"
# HH gives a 24-hour clock so log entries are unambiguous
$LogTime = Get-Date -Format "MM-dd-yyyy_HH-mm-ss"

Write-Host $wifiName $wifiIp.IPv4Address.IPAddress "is checking to match" $wifiPrivateSubnet

# Literal prefix comparison; -Match would treat the dots as regex wildcards
# and would also match the pattern anywhere in the address
$matchesThePrivate = ([string]$wifiIp.IPv4Address.IPAddress).StartsWith($wifiPrivateSubnet)

If ($matchesThePrivate) {
    # On the 192.168.0.x network: use the private DNS server first
    Get-NetAdapter -Name $wifiName | Set-DnsClientServerAddress -ServerAddresses $wifiPrivateDNS
    $msg = $wifiName + " being set to DNS " + ($wifiPrivateDNS -join ",")
}
Else {
    # Otherwise: go back to the DNS servers handed out by the network
    Get-NetAdapter -Name $wifiName | Set-DnsClientServerAddress -ResetServerAddresses
    $msg = $wifiName + " being reset, logging to " + $LogFile
}

# Make sure the log directory exists before writing to it
if (-Not [IO.Directory]::Exists($LogPath))
{
    New-Item -ItemType directory -Path $LogPath | Out-Null
}

# The timestamp is prepended once here, for both branches
$LogTime + " - " + $msg | Out-File $LogFile -Append -Force

If you get the error for port 53 being used when starting Pihole, you can disable dnsmasq using these commands:

virsh net-autostart --disable default
virsh net-destroy default

From:

https://forums.unraid.net/topic/48744-support-pihole-for-unraid-spants-repo/?do=findComment&comment=586034

In the latest version of PrimeFaces they apparently made the regex validation for “allowTypes” more restrictive.

Previously we had allowTypes="/(\.|\/)(gif|jpe?g|png)$/"

This will allow .gif/.jpg/.jpeg/.png files but not allow .GIF/.JPG/.JPEG/.PNG files.

To remove the case sensitivity, you just add the i flag, for case-insensitivity:

allowTypes="/(\.|\/)(gif|jpe?g|png)$/i"

What is particularly bad about PF 7.0 is that the uploader still runs, because the file passes the first step of the client-side validation, but when the file is sent to the server it fails the validation there and the user is not alerted that it failed (!!!). This makes it a silent error that will cause users a lot of grief.

The Programmer’s Oath by Robert C. Martin (Clean Coder Blog, 2015-11-18)

In order to defend and preserve the honor of the profession of computer programmers,
I Promise that, to the best of my ability and judgement:

I will not produce harmful code.

The code that I produce will always be my best work. I will not knowingly allow code that is defective either in behavior or structure to accumulate.

I will produce, with each release, a quick, sure, and repeatable proof that every element of the code works as it should.

I will make frequent, small, releases so that I do not impede the progress of others.

I will fearlessly and relentlessly improve my creations at every opportunity. I will never degrade them.

I will do all that I can to keep the productivity of myself, and others, as high as possible. I will do nothing that decreases that productivity.

I will continuously ensure that others can cover for me, and that I can cover for them.

I will produce estimates that are honest both in magnitude and precision. I will not make promises without certainty.

I will never stop learning and improving my craft.

It’s shameful to admit it, but I have known that these are the ethics I should live by, but I often let deadlines, expectations, and laziness come in the way. I hope to work in the next few months to uphold this oath. The hardest part is my tendency to people-please, and my low threshold for the “boring” parts of software development — writing tests, and peer reviews.

I know that logically there are no shortcuts; writing bad code to get a product out ASAP ultimately causes more frustrations and time wasted by myself and others. It is hard for me to fully digest that I will have to slow down in order to save time, but I have seen it happen, literally every day on the job, that fixing a problem in hastily developed code ultimately takes much longer than getting it right the first time.
Just got to remember to breathe every now and then.