Accessing Multiple Services over HTTPS via SNI Proxy

Like most people (OK, maybe not most…), I have a range of locally hosted services that I like to access remotely. Because of the joy that is IPv4 depletion (long live IPv6) I’m forced to use different ports for internet access, which is hard to remember and annoying to set up. And because the internet is a bad place, I prefer to use encryption where possible to keep everything safe on it’s journey across the internet. Sure, something like SSH tunnels would work, but that would still require remembering the different port numbers, and isn’t compatible with all devices (such as mobile clients).

Enter SNI Proxy

After some research, I decided to put an end to both these problems, with an install of SNI Proxy. SNI Proxy is a generic HTTP and TLS proxy that identifies the internal host from TLS’ server name indication (SNI). This allows it to seamlessly proxy multiple services on the same port, and heavily increase the WAF for services like and . It also makes a nice place to centrally manage SSL certificates and Let’s Encrypt renewals I was under the impression that SNI Proxy could also terminate an HTTPS/TLS connection, though this now appears to be incorrect. (Though I do this on each host, as SNI Proxy doesn’t handle my IPv6 traffic). So, let’s get installing.

Continue reading Accessing Multiple Services over HTTPS via SNI Proxy

Adding Android Widgets Without User Interaction

As part of an ongoing project, I’m building a simplified replacement for Trebuchet (Android’s default launcher). One aspect that I need to simplify is showing Widgets on the launcher without requiring the user to add them by hand. Normally, Android restricts this by requiring apps to use the  AppWidgetManager.EXTRA_APPWIDGET_ID  intent to launch a system picker. The only way around this is for system apps to request android.permission.BIND_APPWIDGET in their manifest, so this method is only available on rooted devices where the app is installed at the system level (in  /system/app  or /system/priv-app). Continue reading Adding Android Widgets Without User Interaction

Fancy Android Version Numbers from Git

I recently started working on several Android projects, including a custom automatic updater (the target devices won’t have internet access, let alone the Play Store). While the system is working wonderfully, it relies on detecting changes in the app’s version number. Which I keep forgetting to change. As with most of my projects I’m using Git for version control. So let’s do something fancy, and generate the android version number from git’s commit and tag information. Continue reading Fancy Android Version Numbers from Git

YRS Festival of Code

The pride and joy of Ruth Nicholls, the YRS Festival Of Code, starts up again next week. With coding opportunities for under 18s at 66 different locations across the country and beyond, there’s no reason anyone technically inclined can’t take part. Personally, I’m mentoring in a centre at Redgate Software, in Cambridge, helping 20 young coders, designers & developers find their calling, and home their skills.

The centres include an online ‘virtual’ centre, and ones in Times Square, New York, Bern, Switzerland, and Prishtina, Kosovo (that last one is in the south of Serbia, I had to look it up). There’s also loads of other centres across the country, so there’s always that’s convenient to attend.

The week is spent building apps, websites, games, and even hardware-based hacks, inventions, and other crazy contraptions, all involving open data. At the end of the week, all 1,200 contestants meet up in Birmingham, where they present their projects to expert judges, mentors, the press, and other participants. The best entries from each group will go through to the finals, where prizes are awarded for the a range of different categories. This year’s prizes haven’t been announced yet, but rumours say they include Amazon and Pimoroni gift vouchers, an awesome-looking 3D printer, a quadcopter drone, and even a McLaren F1 experience! This year’s categories include:

  • Best Example of Code
  • Best Example of Design
  • The ‘Should Exist’ Award
  • Code a Better Country
  • Best in Show
  • The People’s Choice

Unfortunately sign-ups for centres closed back in July, but if you’re a participant, a mentor, or a volunteer, you’ve still got time!

Installing Skype on Debian Jessie

Going to keep this one quick, here’s a quick guide for installing Skype on Debian Jessie. This is based on version, but should just need a URL switch for newer versions.

From there, you should be able to log in and chat away. Details on autostart (on login) to follow.

Shrinking Raw Disk Images

I recently had a Raspberry Pi image that I wanted to deploy to several Pis (is that the right plural?) for production use. During development of this, I worked on a 32GB SD card for some breathing room, but to save costs, we decided to deploy onto 4GB cards.

This left me with a small issue. Although the file system on the SD card was only using 2.5GB of space, any image files from it were still 32GB, far too large to go onto the SD cards. I need to remove the white space from the end of the image to make it fit. So, here’s a quick tutorial on shrinking raw disk images.

Continue reading Shrinking Raw Disk Images

Testing for SSL Vulnerabilities

Qualys Labs Server SSL Test for

So around now is the annual SSL certificate renewal for most of our internal servers, and I thought it would be a good idea to check them all for SSL/TLS vulnerabilities. A quick Google later, and I’m looking at Qualys Labs SSL Server Test. The scan is nice and shiny, and give an instant (2-3 minute) overview of a server’s security. It also takes care of DNS round-robin to make sure all your servers are handled (though sites with HLBs or similar may need more attention).

Continue reading Testing for SSL Vulnerabilities

Non-matching records in T-SQL One-to-Many Relations

I was recently tasked with finding all the people in our CRM software that lack email addresses, and with around 3000 contacts, there was no way I was going to do it by hand. SQL to the rescue!
There was just one issue, email addresses are stored in a different table to allow each person to have multiple addresses on file. After a bit of digging around, I came up with this:

Let’s go through this line-by-line so we can see exactly what it does.

Continue reading Non-matching records in T-SQL One-to-Many Relations


Today I decided to install SCCM to see if it would help with the WDS work I have been doing.
After a quick download from the Microsoft website, I kicked off the installer, only to find a nice helpful error message:

Continue reading SCCM & SQL