Development

Addressing Laravel Homestead MySQL Password Expiration

January 7, 2017 · 3 min read

On November 7th 2016, I was hit with a peculiar issue I've never seen before working in a provisioned Homestead box. The exception:

PDOException in Connector.php line 55:
SQLSTATE[HY000] [1862] Your password has expired. To log in you must change it using a client that supports expired passwords.

Firing up a different vagrant machine, I was greeted with the same problem. This seemed to affect all of the vagrant boxes using version laravel/homestead (virtualbox, 0.3.3).

On the machine, the MySQL version displayed by mysql --version is

mysql  Ver 14.14 Distrib 5.7.9, for Linux (x86_64) using  EditLine wrapper

MySQL 5.7's password expiration policy seemed to point to the culprit.

From MySQL 5.7.4 to 5.7.10, the default default_password_lifetime value is 360 (passwords must be changed approximately once per year). For those versions, be aware that, if you make no changes to the default_password_lifetime variable or to individual user accounts, all user passwords will expire after 360 days, and all user accounts will start running in restricted mode when this happens.

Looking at the list of users with relevant columns shown that the password for the user homestead was set on 2015-11-13 03:50:18.

mysql> select host, user, authentication_string, password_expired, password_last_changed, password_lifetime from mysql.user;
+-----------+-----------+-------------------------------------------+------------------+-----------------------+-------------------+
| host      | user      | authentication_string                     | password_expired | password_last_changed | password_lifetime |
+-----------+-----------+-------------------------------------------+------------------+-----------------------+-------------------+
| localhost | root      | *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 | N                | 2016-11-08 22:28:11   |              NULL |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | N                | 2015-11-13 03:50:10   |              NULL |
| 0.0.0.0   | root      | *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 | N                | 2015-11-13 03:50:15   |              NULL |
| 0.0.0.0   | homestead | *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 | N                | 2015-11-13 03:50:18   |              NULL |
| %         | homestead | *14E65567ABDB5135D0CFD9A70B3032C179A49EE7 | N                | 2015-11-13 03:50:18   |              NULL |
+-----------+-----------+-------------------------------------------+------------------+-----------------------+-------------------+
5 rows in set (0.00 sec)

Date manipulation in PHP showed that 360 days from 2015-11-13 03:50:18 is 2016-11-07 03:50:18, about the time this started occurring.

It was later that I discovered this pull request didn't make it into branch revert-56-master used to build the 0.3.3 box. It succinctly described the problem at hand.

I saw 4 possible choices for a permanent solution:

  1. Set default_password_lifetime=0 explicitly in /etc/mysql/my.cnf.
  2. Upgrade MySQL to 5.7.11 or higher as the default was changed from 360 to 0.
  3. Create the homestead user with the keywords PASSWORD EXPIRE NEVER to disable password expiration for that user.
  4. All of the above.

Solution

In looking to correct upstream, the pull request was denied with very good reason. It was a ton of work to seemingly get the 5.6 branch up to master and I have absolutely no guarantee that something wasn't broken in the process.

Not being content with abandoning that work, I pushed a vagrant virtualbox image that should continue the 5.6 branch forward for the foreseeable future. There is one major caveat, it requires a patch to Homestead v2 to accommodate the changes introduced.

Steps required to use the image:

  1. Add the new vagrant image: vagrant box add w0rd-driven/homestead.
  2. Add the line box: "w0rd-driven/homestead" in Homestead.yaml to specify a different vagrant box than the default of laravel/homestead.
  3. Add the line "laravel/homestead": "2.0.x-dev" to the require-dev section of composer.json.
  4. Add or update the repositories section of composer.json:
"repositories": [
    {
        "type": "git",
        "url": "https://github.com/w0rd-driven/homestead.git"
    }
],
  1. Run composer update to change to the new composer package.
  2. Rebuild your box using vagrant destroy -f then vagrant up.
  3. Test everything.

I've enabled issues on both forks of settler and homestead. Unfortunately, I don't have VMWare Fusion to build the vmware provider image. If anyone has the capabilities, I would gladly grant the access to push the image.

Newness

January 12, 2016 · 2 min read

I said in my previous post that a lot can happen in 2 years.

In that time span I've:

  • Moved to using a MacBook and OSX.

    • OSX being very BSD-like makes it an prime target for web development. It isn't the second class citizen Windows is in the Ruby or Node.js communities.
  • Transitioned away from .NET and don't really miss it. I do randomly play around with .NET core when possible but I haven't actually built anything with it.

    • This was honestly very huge at the time but I still feel I made the right decision. Though Windows 10 is the platform Windows 8 should have been and likely would've kept me on board.
  • Transitioned to PHP and web technologies full bore. I'm no fan of the PHP language but in the era of Visual Studio 2012, a dynamic language that only required refreshing my browser was much faster than waiting on the compile cycle.
  • Drank the vagrant koolaid via PuPHPet.

    • Recreating production hardware isn't too difficult with my ancient DevOps experience.
    • Waiting on the painful commit/push/wait for deployment/refresh cycle to see a change was a huge productivity destroyer.
    • Even developing locally when production PHP versions aren't consistent can be a nightmare. Something like rvm in Ruby comes close but it isn't perfect.
  • Immediately took to PHPStorm as my IDE of choice. JetBrains have done an amazing job and if you've used ReSharper you've only had a taste. I'm no fan of Java but I'll make a concession for tools this good.
  • Wrote a very crude front-end only CMS. When working in only HTML, CSS, and Javascript you really see the separation of client and server very clearly.
  • I jumped in the deep end with tools like gulp, bower and yeoman.

    • This has fueled my desire to be a lot more fluent in Node.js.
    • Frontend development becomes insanely fun because a lot of the tedium melts away if you do it right.
    • This gulp template was extended from this blog post and it's subsequent repository to streamline working on the custom CMS.
    • This yeoman gulp generator looks a little more promising as it seems to serve a similar purpose but feels like less work.
  • I have a Microsoft Lumia 640 and the Windows 10 Mobile OS is one of the best mobile experiences I've used to date. I know I'm biased but it has shaped up really well.
  • My personal laptop is running Windows 10 as well so I haven't abandoned the Windows ecosystem by a long shot, I've just become more of a consumer rather than a developer.

That's really only scratching the surface. It would've been helpful to have blog posts as I moved along but as with most things, life got in the way.

My main goal for the early part of 2016 is to revamp this site and make it the playground I was looking for in 2013. Octopress is really nice but if I upgrade to v3 it's not much more work to migrating away to something like Hexo, Metalsmith, or DocPad.

We be derpin'

January 10, 2016 · 1 min read

A lot can happen in a little over 2 years...

In my last post, I had proposed an attempt to tackle the FizzBuzz problem. PowerShell was done, PHP was barely started but I never pointed to it in a subsequent post or finished what I wanted. The project url has completed and checked solutions for PHP and Node.js. I had mentioned b. F#, Objective-C, CoffeeScript, C/C++, Go, Dart, and Haskell are the planned languages I've mostly touched in passing or know about., as well as C#, Pascal, and Ruby but I may never get to them.

Shortly after that last post, I switched jobs from .NET to web development focusing on PHP with HTML, CSS, and Javascript. That one action shifted much of my focus from most of the languages in that list. With ES6 coming and recently finishing a CodeSchool course in CoffeeScript, the Javascript landscape is looking pretty awesome. Elixir and the Phoenix Framework have recently stood out as upcoming contenders for my mindshare as well.

My last post taught me that while I may know of a language, it doesn't mean I'll have a genuine desire to pursue it. It can also easily become difficult to want to pursue development outside of your day job. Staying current, however, is always worth pursuing. Tooling and efficiency around web development seems to have come a very long way.

To keep this post brief, I plan on making more updates as I feel a lot has changed for me in the past 2 years that I'd still love to share.

JazzHands: Tackling the FizzBuzz problem

November 5, 2013 · 2 min read

Due to a comment on Hacker News (original post here), I thought I would put my money where my mouth was, so to speak, and tackle this problem in a public repository.

My comment could likely be seen as dismissive or arrogant. I get that. My biggest problem is that because people still fail, this is the interview equivalent of patty cake: awkward, childish, and unrewarding (unless you're a 2 year old).
To be quite honest, I don't quite understand my disdain for the problem. It's simple enough that it can be solved a number of ways quickly and gets you to express at least the fundamentals of development in a particular language.

This exercise is an excellent opportunity for a number of things:

  1. It'll be a form of code kata and I need practice, even on something I dislike greatly.
  2. Much of my work isn't public, as I often rarely see the benefit of my specific ideas being shared. I don't need to prove anything by doing this but I don't see this hurting anything.
  3. If you believe my time tracking is accurate, it should demonstrate at least some proficiency in languages I know and how quickly I can at least have a basic understanding of the ones I don't.

    1. My proficiency in order is C#, PowerShell, Javascript, PHP, Pascal, then Ruby. The latter 3 don't rattle around in my brain as much as the former.
    2. F#, Objective-C, CoffeeScript, C/C++, Go, Dart, and Haskell are the planned languages I've mostly touched in passing or know about.
  4. This would be a good opportunity to write tests to check the work. A neutral 3rd party would be ideal as the tests could influence the experiment.
  5. It'll also give insight into my habits regarding structure and clean, concise code. I prefer readable code with very little comments because I feel the code itself should be the comment. This largely isn't possible in most code bases but it shouldn't really be a problem here.
  6. To prove to myself that I don't just take examples from Google and make them my own, that I can start from scratch when I need to.

Note: I'm using http://rosettacode.org/wiki/FizzBuzz as a language guide only. If you see me follow a specific example, punch me in the nuts.

The best description of the problem can be found here, specifically (altered for this example):

Write a program that prints the numbers from 1 to 100. But for multiples of three print "Jazz" instead of the number and for the multiples of five print "Hands". For numbers which are multiples of both three and five print "JazzHands".

This brings up some excellent points. I'm definitely not above FizzBuzz or live coding but I still can't pinpoint why I have beef with this particular problem.

I honestly can't remember the last time I've actually tackled this problem so the potential to look really foolish, at least at the beginning, is pretty high.

derpirc: WP7 IRC client take #2

October 27, 2013 · 1 min read

Back in February of 2011, I posted a very rough alpha release of my first WP7 IRC app called dIRCa. I abandoned the project primarily due to the heavy reliance on Homebrew sockets and rewrote it from scratch using the wonderful IrcDotNet library. Not having to handle the core IRC quirks is a godsend and luckily it works rather flawlessly with 7.5+ (Mango and above).

I originally wrote a post back in 2011 to gather emails for the beta submission process but it never got published. I was also working diligently to release a competent v1.0 but my perfectionism got the best of me.

I've since release it as open source on Github. The project is abandoned so far as my HD7 phone is no longer consistently in use now that I've switched to the HTC 8x and Windows Phone 8.

The barriers to make it a Windows Phone 8/WinRT version are pretty high:

  1. SQL CE was a terrible choice as a message store. They ditched it in favor of SQLite which had extremely sketchy WP7 support (this means a complete break from WP7)
  2. IrcDotNet is very much a traditional .NET library where the developer focuses on Mono. You could say this project is abandoned as well, so no official WinRT port is expected.

The original project received quite a bit of downloads for my first open source project (around 700 by this time) with the reason primarily being that a XAP was already built. On Github there are no releases but I look to remedy that very shortly.

The application is pretty functional but it is rather rough around the edges. For instance, when you first start it you're required to go to the settings screen as exiting initializes and starts the connections to the various networks. I intended this to be covered in a tutorial of sorts but that was something I was going to cover off last.