Running Laravel’s Own Tests

After some exploring here are the steps to get Laravel Framework‘s own tests passing on Ubuntu Linux, or Window’s WSL2, with PHP 7.4:

# For older releases without PHP 7.4
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

# Install library and server dependencies
sudo apt-get install \
  memcached \
  php7.4 \
  php7.4-dev \
  php7.4-dom \
  php7.4-mbstring \
  php7.4-memcached \
  php7.4-mysql \
  php7.4-odbc \
  php7.4-pdo \
  php7.4-sqlite \
  redis-server

# Start local servers that tests rely on
sudo /etc/init.d/redis-server start
sudo /etc/init.d/memcached start

# Change directory to the framework or fork folder
cd framework

# Copy the test configuration
cp phpunit.xml.dist phpunit.xml
# Remove comments around Redis settings
sed --in-place --regexp-extended \
  --expression='s/(<!--|-->)//g' phpunit.xml

# Install PHP dependencies
composer update --prefer-lowest \
  --prefer-dist \
  --prefer-stable \
  --no-interaction

After all that it should be possible to run the tests with ./vendor/bin/phpunit. Then the usual flags can help to run ones own tests like --filter testMyNewFeature.

Remote Movie Night With Cytube

There are a growing number of ways to enjoy movies with friends without being in the same physical space. One rather technical way is using a special web server called CyTube. It became my choice because it didn’t require everyone have their own subscription to the same streaming service, at least when configured with direct (‘raw’) media links. CyTube also provides a good viewing experience for action movies, has chat rooms, and can serve several movies at once using different ‘channels’. If you’ve got a big family it allows you to have one show for kids and a different, simultaneous show for the adults.

This article is an overview of the technical steps needed to provide less technical friends and family with a simple and inexpensive experience. And with a separate video call it can be similar to having people over for a movie.

What You’ll Need To Host

  • Broadband Internet — usually about 2-5M upload per remote household, if you’re serving media from your network
  • Linux or Mac computer to run CyTube
  • Movie — on disc or on a supported media service
  • Time and patience to work through the technical details

NOTE: Take care downloading software from untrusted sources as they may include unwanted or malicious software. Also, most movies have limits on how many people you can show it to at a time. So if you’re planning a virtual viewing with more than a couple families or friends check that it’s within the limit, or try a co-watching app/extension that supports an official streaming service.

1. Preparing The Movie

If you’re all just going to use one of CyTube’s supported media services you can skip this part.

Beginning with a DVD or BluRay disc you can ‘rip’ the movie into your computer with a program like MakeMKV or HandBrake. For the best experience you may also need to convert it into a format suitable for streaming like H264 within an MP4 file. VideoLAN can help with that, even if their docs are a bit dated.

2. Installing CyTube

CyTube needs a Linux or Mac computer to act as the server which serves up its website interface. So if you’ve already got a home server like a Raspberry Pi or old laptop then follow these instructions to install it. If you don’t then you could try using Windows Subsystem for Linux on your normal desktop or laptop computer.

3. Serving On The Internet

Once you can load CyTube from a browser on your local network you’ll need a way to share it over the Internet with your friends. Typically this is done by forwarding CyTube’s port from your router’s Wide Area Network connection (a.k.a. WAN or Internet connection) to the serving computer. It’s also possible—and usually a bit easier—to put the computer on the DMZ, often a gaming option for home routers. Then look up your Internet address with a service like WhatsMyIP.org and try your IP with the CyTube port on another network like your phone browser with the Wifi turned off. The URL to try will need to start with “http://” and should look something like “http://999.999.999.999:8080/”. If visiting that address loads your CyTube site then you can move on.

To make things even easier you can optionally use a dynamic name service, if you don’t already have one, to serve from a named site like “the-smiths.hopto.org”.

4. Serving Media

This can be skipped if you’re going with a streaming service, otherwise you need to get the ripped movie itself on the Internet too. A file sharing service may work, though popular ones may detect copyrighted media, preventing more than one or two users accessing it. Or in the worst case banning your account for violating terms of service.

If you managed to install CyTube then consider serving the media yourself with a web server like Nginx. Though this does also require configuring a secure (“HTTPS”) connection. And while that can be done for free with Let’s Encrypt it does require that you have a named website, even if it’s from a dynamic service like No-IP.

5. Running The Show

At any point after CyTube is installed and running the site can be setup by logging in as your administrative user, creating the channel, and adding the URL of a media file or streaming video (like “https://my-place.example.com:8443/big-buck-bunney.mp4”). Once everything else is set then share the address of your CyTube install with friends and family.

Notes

  • Chrome browser may require clicking a play icon to load direct/raw video URLs
  • Connect the viewing computer to a TV for a larger display
  • If watching with a separate video call then ask viewers to use headphones, mute when not talking, or keep the movie volume low enough to prevent echo
  • Pausing doesn’t seem to work with direct/raw files or YouTube, try removing the media from the queue and refreshing browsers
  • Viewers joining later may momentarily see the beginning of the movie before it jumps to the stream’s position

SQRL’s Fatal Flaws

Steve Gibson‘s SQRL authentication has two fatal flaws: future identities are too easily compromised and using it with multiple devices becomes more difficult over time. Since it relies on derived keys to generate each identity a single, compromised identity-unlock-key (IUK) puts all past and future secrets at risk. At least until one knows it has leaked.

SQRL tries to mitigate this derivation weakness by its ‘rekeying’ feature. Though that rekeying requires updating the identity file on all devices that need it as well as revisiting all previously used services. One must go through the rekeying and revisiting process any time ones IUK is compromised.

Such rekeying doesn’t help when one doesn’t know the IUK has been compromised. Meaning attackers with the key could create an identity before a user has tried. Then when the real user signs into their ‘new’ identity the attacker also has access, they may even have primed the account with weaker privacy settings.

Password Vaults have a similar weakness which could expose all past secrets, but no future ones. And since there is typically a different (random) password for each service the size of the data an attacker needs to extract is often larger. Bigger payloads are usually more difficult to exfiltrate completely and are more likely to be noticed.

As far as I can tell there doesn’t seem to be a solution to these fundamental issues with SQRL. But I’d love to be proven wrong. So if this assessment has any inaccuracies or you have thoughts to share then please leave a comment.

UPDATE: Full disclosure, I created a premium plugin for the KeePass Password Safe.

Easier Laravel DB Migrations With Zero Downtime

When Laravel is paired with a Mysql DB it can be increasingly difficult to make changes as the installation grows in popularity. While Mysql is getting better with its Online DDL there are still some limitations. And even with the latest online tools Laravel’s built-in migration scripts won’t consistently use them without specialized code. To make minimal-downtime changes easier I’ve helped create an adapter for Percona’s Online-Schema Change (PTOSC) and Mysql’s Online DDL called laravel-online-migrator (LOM).

Consider a Laravel DB migration adding a column: Schema::table('my_table', function (Blueprint $table) { $table->string('color', 64)->nullable(); }); To use PTOSC the queries have to be manually written as shell commands: pt-online-schema-change D=homestead,t=my_table,h=localhost \ --user=homestead --password=secret \ --alter "ADD color VARCHAR(64)" --execute Then it must be wrapped in a PHP function like exec, or run outside the normal Artisan migrate workflow. When done outside migrate a row must be inserted into the “migrations” table for each migration, unless Laravel’s built-in migrations will never be run.

Now with laravel-online-migrator the migration script can remain unchanged. When migrate is run the script is automatically changed from this PHP code$table->string('color', 64)->nullable(); to this command pt-online-schema-change D=homestead,t=my_table,h=localhost \ --user=homestead --password=secret \ --alter "ADD color VARCHAR(64)" --execute and the command is run.

Before executing migrations the generated commands can also be reviewed for correctness with --pretend like this php artisan migrate --pretend Pretending can be helpful when one is unsure what the adapter will do. When using PTOSC that output can also be copied and pasted into a shell with the --execute flag replaced with --dry-run. Dry runs will confirm with PTOSC whether or not the command is ready before the original table is modified.

LOM tries to be flexible: not changing queries unnecessarily and supporting common ‘raw’ queries as well. So dropping a table won’t go through PTOSC, or if migrations rely on hand-written SQL then they should work without human intervention. For example a raw query like \DB::statement("ALTER TABLE my_table CHANGE fruit fruit ENUM('apple', 'orange')"); will be translated to a PTOSC command, while \DB::statement("DROP TABLE my_table CASCADE"); will remain unchanged.

Fine-grained control of which online tool–if any–is used can be found within the configuration file config/online-migrator.php, environment variables like ONLINE_MIGRATOR, and traits on the migration scripts themselves. For more see the documentation on usage. Also of note, the output of “php artisan migrate” will be more verbose in order to aid resolving problems with migration runs.

UPDATE 2019-02-05: Forgot to mention the convenience option doctrine-enum-mapping was included to make changing tables with DB enumerations easier. By setting its value to ‘string’ migrations can use Eloquent code to change enum-equipped tables, though yet not for changing the enum columns themselves.

If this has been helpful please consider commenting here or opening an issue or pull request on the project’s Github.

NOTE: All opinions and thoughts expressed here are my own and do not reflect those of my employer.

Acer Predator Laptops Not For Ctrl Swappers Or Cap-Alt-ers

If you’re someone who likes to move the Ctrl key to your home row using Caps Lock, or you like custom Caps+Alt macros, then Acer’s gaming laptops may not for you. Unless of course you don’t need Ctrl+Alt+A or Caps+Alt+A, because that that physical caps-with-alt-a combo is the one and only that won’t work:

Most users may think this is a very niche complaint. But password managers like KeePass default to the Ctrl+Alt+A combo for auto-typing, a feature which may be the only alternative when paste blocking and in-browser add-on’s won’t do. Ctrl+Alt combos are also useful for streaming and power users who want global hotkeys that break out of the scope of programs on Microsoft Windows. Gaming too often requires pressing many keys at once, so much so that the term N-key Rollover was coined. And since the Predator series of laptops targets gaming, it is strange to see such a oddly narrow gap in models that cost $2,000+ USD.

Caps-as-ctrl is also a fairly well known arrangement, so much so there is even a highly ranked article disputing its benefits. It’s an arrangement I’ve enjoyed on-and-off for years, and until now had never seen a keyboard which did not allow the physical caps-alt-a combo.

If you’re a consumer consider yourself warned. If you’re a manufacturer then please better educate your level-1 support, and thoroughly test features important to your target demographic. Because top-shelf consumers may go elsewhere when faced with beta testing your hardware.

Uneven Game Difficulty Hinders Accessibility

Getting stuck in a game can be an opportunity to rise to the challenge or be so annoying it feels like a waste of time to keep trying again and again. Everyone has their own threshold and unique mixture of abilities, which makes well-balanced difficulty options so critical to a product’s accessibility.

Boss fights in the original release of Deus Ex: Human Revolution were unpopular because they broke the difficulty curve so badly. For a game series with a reputation for player choice the game launched with only one way to defeat each boss, and with lethal force being the only option. Thankfully later updates provided more options, making it more consistent with the rest of the experience.

Too often the difficulty adjustments in games fall into similar traps when they focus solely on easy tweaks, like making enemies easier to eliminate or the player more resilient. Other game mechanics or mini-games such as puzzles are left largely unchanged which breaks the flow for players more interested in exploration, or less clever than their compatriots. And while I respect designers’ desire to craft an experience and set expectations, it’s hard to justify inconsistent difficulty levels as gaming audiences grow to include people with less free time and varying abilities.

Watch Dogs is another example of a game which feels like it’s only difficult adjustment is rudimentary nerfing, buffing, and timer tweaks. While I appreciated the mission variety and many of the challenges, aspects like tightly timed chases, enemies with supernatural bursts of speed, and nearly impossible to escape police and ‘fixers’ were often infuriating. Even the age-old tradition of cheat codes were unavailable here. Some game guides resorted to suggesting workarounds like shooting out a window then hiding for notoriety boasts, or swimming out into open water to escape.

Considering the resource constraints of smaller development shops it is easier to accept uneven difficulty in their releases. However, larger studios have no excuse; except perhaps ignorance, greed, or laziness. In this age of day-one patches there is little reason not to at least update a product found to have uneven gameplay, even if only to patch in some cheats. Consumers should not have to resort to 3rd-party hacks developed by the community to fully enjoy their purchase.

What do you think? What has your experience been with games and their difficulty levels?

Single Player Commandments

As someone who enjoys older games a story campaign is often critical since multiplayer communities have typically already moved on. Yet it’s hard to overlook some advances in game usability when going back to the past. Now technically these commandments are meant to address campaigns, whether solo or co-op. Still, whether making a new game or remastering an old one, designers please consider these guidelines to avoid frustrating your players.

I. Thou shalt not require Internet
An Internet connection requirement for a campaign is the bane of traveling and rural players who may not have the access or bandwidth to enjoy your game. Neglecting local-network and couch co-op is similarly frustrating for these gamers.

II. Thou shalt always allow pause and skip
Being able to pause at all times is important to gamers with families and responsibilities that may interrupt play. Similarly being able to skip cut-scenes or non-core gameplay helps avoid frustration. Otherwise one may feel forced to miss critical scenes or re-experience the same thing over and over. Ideally players can even rewind, replay, and fast-forward non-interactive cut-scenes.

III. Thou shalt auto-save frequently
Automatically saving at milestones is one helpful feature of many modern games. More frequently is better, though only when there is more than one auto-save slot. If nothing else then auto-saving when a player exits—even during a cut-scene—is better than burdening players with the fear-of-missing-out.

IV. Thou shalt quick save and load anywhere
Providing easy and customizable access to a quick save and quick load is even better than auto-save. It functions as a kind of permanent pause and resume helping players feel they are in control of the experience. This too should include saving and reloading in the midst of a cut-scene.

V. Thou shalt allow changing difficulty at any time
Easier difficulty modes are essential for busy and novice gamers, yet without the ability to change the difficulty players can be trapped hours into a path ultimately too boring or frustrating for them. If resources allow then the option to automatically nerf or buff the difficulty is best, so long as the player can override this in case they find dynamic difficulty doesn’t suit them.

VI. Thou shalt provide navigation hints
Whether arrows, way-points, hot-spot indicators, or objective menus there must always be guides for players who so desire. Of course these may be reduced or completely removed when players want a greater challenge.

Please take care not to rationalize transgressing these commandments as ‘essential’ features of your game. As a designer the intended experience should be a goal—not an unmovable absolute. Also keep in mind that neglecting accessibility and usability reduces the audience capable of appreciating your games.

Did I miss a commandment? Is there one that doesn’t belong? Comments are always appreciated.

How To Export Contacts From OwnCloud Database

For those who need or prefer directly dumping all their contacts from an OwnCloud database, below are commands to do it from a PostgreSQL installation.

Remember to put your OwnCloud user-name in place of the “…” in the query.

psql owncloud --tuples-only --no-align -c \
"SELECT encode(carddata, 'escape') FROM oc_cards WHERE addressbookid = (SELECT id FROM oc_addressbooks WHERE principaluri = 'principals/users/...')" \
> oc_cards.vcf

If you happen to have accented, or other non-ASCII, characters then you may need to convert from octal (“\nnn”) to UTF before trying to import elsewhere.

Why Can’t I Change Gamepad Controls?

A disturbing trend among some video games is gamepad support whose controls cannot be customized. While the standardization of gamepad support on PC’s has increased the number of games supporting them, for some games there is only a single configuration. For those of us who are differently abled, or simply prefer to use a familiar layout, control customization seems to be taking a step backwards.

This is surprising since personalizing controls has long been a feature of PC gaming for decades, even among small budget titles. Consoles such as the PS4 and Xbox One now offer the ability to remap keys for all games. This is a modest accessibility improvement, though it appears to come at the cost of less in-game remapping. So players who prefer to alternate between different games the situation often involves re-configuring one’s brain each time. One would hope the competition among PCs and various console platforms would drive progress towards more accessible controls.

It’s true that enterprising users and 3rd-party developers provide alternative means of remapping controls. Sadly, many of these fail to remap for multiple games at once. Steam is the most accessible and broadly available which does do per-game mapping. Still, being outside the game requires users know their games default controls and do the old-to-new mapping using only the abstract button names. It’s also a relatively unknown feature.

Despite the variety of games and genres there is a lot of similarity in game control: move forward-back-left-right, jump, crouch, action/shoot, sprint, etc. On PC the keyboard controls have defaulted to the WADS keys for forward-left-right-back, so why not have a means to change the defaults for all games at once? Certainly some games will have unique controls which cannot be standardized. In those cases in-game customization may be the best solution. Still, it would save gamers time and frustration if they could begin with familiar fundamentals when starting or switching among experiences.

If PCs and consoles increasingly become home-theater machines and gamers play a larger variety of games they too may be asking why controls are so difficult to personalize. Hopefully developers will take notice.