Skip to main content

Senior Web Engineer. Open web / music. Remote DJ. Tall Dutch guy. #3million


Fixing Virtualbox host network adapter cannot be created error

If when trying to start a vm, for example using vagrant, you get the error message that the host network adapter cannot be created:

There was an error while executing `VBoxManage`, a CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.

Command: ["hostonlyif", "create"]

Stderr: 0%...
Progress state: NS_ERROR_FAILURE
VBoxManage: error: Failed to create the host-only adapter
VBoxManage: error: VBoxNetAdpCtl: Error while adding new interface: failed to open /dev/vboxnetctl: No such file or directory
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component HostNetworkInterfaceWrap, interface IHostNetworkInterface
VBoxManage: error: Context: "RTEXITCODE handleCreate(HandlerArg*)" at line 94 of file VBoxManageHostonly.cpp

Make sure to first start the virtualbox GUI application. It does some extra checks, and sometimes highlights the permission problem:

In my case (OpenSuse 15.1 Leap), my user was not added to the vboxusers group. Via Yast > Users and Security .... and editing my user account it was a simple checkbox away. Remember to relog.

If that doesn't work, reloading the kernel extensions could help:

$ sudo dpkg-reconfigure virtualbox-dkms
$ sudo dpkg-reconfigure virtualbox
$ sudo modprobe vboxdrv
$ sudo modprobe vboxnetadp


End of Lives

Really handy reference site for many products. Remember that system provided packages are supported with backported security fixes in most cases. 


Stop OpenPGP passphrase prompting on login

As a security conscious person I setup my OpenPGP keys with a passphrase, however on OpenSUSE Leap 15 this causes a login prompt to appear that delays the network connection from initiating. The same issue also blocks software updates and means a browser restart due to DNS cache stopping connections to websites. This is fairly annoying.

It turns out that this can be fixed by sharing the network connection via Connections > open the connection > General Configuration > All users may connect to this network. This causes NetworkManager to cache the required  authorization tokens (this is my understanding).

Note that other software such as Kontact might set a daemon to startup by default, causing the same prompt. This can be unticked in its settings.

If everything else fails, then you could remove the passphrase for the PGP key but this is not recommended as this means someone can take on your identity should your key be exposed for any reason.


Transitioning to Gutenberg

The WordPress Project says:

The Classic Editor plugin will be officially supported until December 31, 2021.


Since the Classic Editor plugin is central in this transition, we are considering including it with upgrades to WordPress 5.0.

In the context of my professional work with WordPress it would be beneficial to see the Classic Editor plugin be included by default into the installation package. This would signal to plugin and theme developers that we are in a transition phase but supporting the existing installations, until Gutenberg is more fully accepted by the wider community. Not doing do could put pressure on smaller developers to just test their updates for Gutenberg only, resulting in a lot of broken sites or a security nightmare where people won’t be able to update to the latet versions of WordPress or their plugins until the teams and processes are ready.


Banning the "Ban Crypto" Agenda

Cory Doctorow over at writes:

Theresa May says there should be no "means of communication" which "we cannot read" -- and no doubt many in her party will agree with her, politically. But if they understood the technology, they would be shocked to their boots.

Perhaps we should no longer assume that politicians 'do not understand the internet' and assume they are asking for changes in the full understanding that they don't achieve the goal for which they're introduced.

As long as the situation that's being created is more favourable for them than the current one it's a net benefit.

Short-term politics is the biggest threat to UK society at the moment and the current government is particularly good at it.


Updating Homebrew for macOS Sierra

If you've just upgraded to Sierra and previously had Homebrew installed you may find that it no longer works because of the stricter security feature in macOS. In order to get Homebrew back up and running you need to execute the following commands in your terminal (thanks thehitmaniptf):

sudo chown -R $(whoami) /usr/local
xcode-select --install

The first command simply gives your local user account ownership of /usr/local (where brew installs things). The second command updates the Xcode command line tools without which Homebrew cannot compile packages.

Once this is done you can successfully update Homebrew as normal, and diagnose any remaining issues:

brew update
brew doctor

After running this you will receive instructions on how to restore the permissions on /usr/local as after updating Homebrew no longer will use this path.

Update 6th Nov, 2016: When using cask you might get told to update the cask room location:

sudo mv /opt/homebrew-cask/Caskroom /usr/local


Tip: keep a list of domains covered by security certificates and their expiry dates.<p>#status </p>


Security through insecurity

Schneier explained how, initially, NSA Director General Keith Alexander claimed in 2013 that he had disrupted 54 terrorists plots. A few months later, this was revised down to 13, and then to "one or two." Eventually, the only success that the NSA could point to was the prevention of a San Diego man sending $8,500 to support a Somali militant group.

Doesn't sound like a worthy trade-off.


How to tell a site is reputable or not?

I get asked every now and then if a new online shopping site is reputable or not. As there is no magic way to determine this I have written up these pointers to help you do the same.  Now please I am not responsible for any mistakes in ordering from a site that seems legit and then turns out to be fraudulent!

I'm trying to look at the following things:

  1. Do a google search for the domain name together with one of the following words added: reliable, reputable, fraud, scam etc. This might bring up a few experiences, check some links to determine that these experiences are genuine (not written by a competitor for example).
  2. Search for the domain name on the Web Of Trust and TrustPilot. Don't just look at the figures, look at the comments, so these seem genuine (have they been written with due care and attention and proper punctuation etc)?
  3. View the incoming links for the domain, using Alexa. Are these from genuine sites or things like link directories where people can add their sites just to get higher in the search results.
  4. All reputable shops will use social networking for marketing purposes. Check their Twitter replies and Facebook wall comments for happy / unhappy customers.
  5. If you know of a community that discusses the subject matter, search there too. They will probably have determined whether or not the site can be trusted.
  6. If you are still unsure, attempt a trial checkout and see if the website supports reputable external payment options. If your payment details are not stored with the website then they are safe in the event of a hack / security breach.
From the resources above you will get a general gist of any major issues. Feel free to get in touch with any of your tips.


Letter to Ministry of Sound

Dear sir/madam,
I am writing you to complain about the new ministry of sound website and the lack of data protection with regards to your users.

Earlier today I received an email notification about the new MoS website. The email also notified me that a new password was issued to use on the website. These are two characteristics of a phishing mail - in this case launching a new website and sending out new passwords, they could easily have been sent from a malicious source wanting me to login to their MoS-lookalike website and take my credit card details. You shouldn't send out a new password unless someone requests it on your website, because email can be forged. You also sent out my password in plain text email rather than on a secure part of your website. Anyone can read it and login to my account and purchase orders.

Also to my surprise while investigating the source of the mail, several of the links point to a domain (update: this domain name no longer exists!), the name doesn't help to improve the trust in your email. To my astonishment the link led to a webpage with the html email, again with my password in plain sight. Have a look (link removed), I changed my password already. Let's wait for Google to index it so that anyone can search for my account information. They already found other newsletters.

Finally, I used to buy my mp3s online. This site no longer works as an error comes up when it tries to redirect, due to a configuration error. My order history is gone, most of my profile is gone.

I'm very disappointed with your lack of security and care for your customers and unfortunately have come to the conclusion that I won't be using your service again, and I will recommend my friends and family to do the same, due to these trust issues.