Older blog entries for skvidal (starting at number 409)

2step auth for your gmail accounts

Been seeing a lot of random spam from known people on gmail accounts recently. People whose accounts got phished or brute-force-cracked or what-not.

I’d like to suggest folks using gmail look HARD at using this:

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284

it’s easy to set up and once you have it in place you’ve just made things much, much harder for folks to abuse. Not impossible, you’re not completely safe. But you are in a better position than you were before.

(caveat: please don’t blame me b/c the guy in this video desperately needs to shave, it drove me nuts, too)

 


Syndicated 2011-06-08 17:15:03 from journal/notes

shutdown vm but enabled to autostart on boot

Having recently been bitten by this in an ugly way I hacked up this quick func script to check for this sort of nonsense. I could do it more trivially but I need some minion-side changes to make it easier:

http://skvidal.fedorapeople.org/misc/auto-enabled-but-shutdown.py

Run this on your hosts. It will only hit hosts which have virtd/xen active on the system and then it will query them for the hosts. It will report if a vm is shut down currently but is set to autostart on boot. If none are that way then it will output nothing.

I’ve pushed the minion-side changes out to upstream func and I’ll test out a new version of this which does it the opposite way, too: running, but not set to autostart on boot.


Syndicated 2011-06-01 17:01:44 from journal/notes

collecting connection data

Let’s say I want to collect the following info on a set of servers locally to the system:

- any tcp or udp connection (in or out) and the source and dest ports – but only to or from a specific set of hosts.

- uniqued so I don’t have more than one copy of any connection

what would be the least invasive way to do that? I thought of something like tcpdump – but that seems expensive. I also thought about trying to do something like it with iptables logging – but I’m not sure how much control I can get from the output of the logs.

thoughts?


Syndicated 2011-05-19 20:47:55 from journal/notes

canary?

or is it a canard?

or is it maybe a red fish?

so hard to tell these days.

just ignore this.


Syndicated 2011-05-04 18:20:28 from journal/notes

earliest installed pkg time.

Recording this for posterity – in case I forget.

date +%F --date=@`rpm -qa --qf '%{installtime}\n' | sort -nr | tail -1`

Syndicated 2011-04-29 21:19:45 from journal/notes

return list of files not owned by any package

I’m sure you’ve done this before. You add a file onto a system outside of any package and maybe outside of your config mgmt system and then you forget about it and when things go sideways you can’t find it and things get $bad.

Right, so this is a first version of a simple script to report the files which are on the system which are not owned by a package:

http://skvidal.fedorapeople.org/misc/return_unowned_files.py

run it like:

return_unowned_files.py /etc /usr

and it will return the files in those dirs that are not owned by a package.

A couple of things it does: it ignores ~ and .bak files, it also ignores .pp files (b/c those are selinux policy compilations), and it will skip over symlinks.

Give it a try – you might be shocked as to how much crap there is in /etc, I know I was. :)

I’ll have another version before long that combines this with looking into puppet manifests to see if the file is controlled by puppet.
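A sketch of the check described in this entry, added here as an example; it is not the linked return_unowned_files.py. The function names are hypothetical, and it assumes `rpm -qa -l` as the source of package-owned paths, with the same ignore rules the entry lists.

```python
import os
import subprocess
import sys

# Suffixes the entry says are ignored: editor backups, .bak copies,
# and compiled SELinux policy modules.
SKIP_SUFFIXES = ("~", ".bak", ".pp")


def rpm_owned_paths():
    """Return every path owned by an installed package (`rpm -qa -l`)."""
    out = subprocess.run(["rpm", "-qa", "-l"], check=True,
                         capture_output=True, text=True).stdout
    # Packages without files print "(contains no files)"; keep real paths only.
    return {line for line in out.splitlines() if line.startswith("/")}


def unowned_files(roots, owned):
    """Walk each root and return the sorted files that are not in `owned`."""
    found = []
    for root in roots:
        # followlinks=False: never descend through a symlinked directory.
        for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
            for name in filenames:
                path = os.path.join(dirpath, name)
                # Skip symlinks and the ignored suffixes, as the entry describes.
                if os.path.islink(path) or name.endswith(SKIP_SUFFIXES):
                    continue
                if path not in owned:
                    found.append(path)
    return sorted(found)


if __name__ == "__main__":
    # Usage mirrors the entry: script.py /etc /usr (defaults to /etc)
    for path in unowned_files(sys.argv[1:] or ["/etc"], rpm_owned_paths()):
        print(path)
```

Passing the owned set in as an argument means a saved `rpm -qa -l` listing from a known-good baseline can be used instead of the live database.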

 


Syndicated 2011-04-14 16:22:56 from journal/notes

ad block plus – plug

I recently had my extensions crash in chromium and I visited some websites I commonly go to for the first time without adblock plus enabled.

I hadn’t realized how ugly the internet is these days.

Ad block plus makes the internet significantly less ugly.

I restarted my browser and then sent the guy who maintains it some cash for his work in making the internet less god-awful ugly.

http://adblockplus.org/en/

seriously.

 


Syndicated 2011-04-08 16:03:10 from journal/notes

new linux distro and pkg manager!

I heard about this new linux distro: cantebury linux. It’s combining debian, opensuse, arch, grml, gentoo and more.

I’ve also heard they have a new pkg manager. It’s going to be called “cant”.

Commands would work like:

cant install anything
cant remove anything
cant update anything

HAR HAR HAR HAR


Syndicated 2011-04-01 02:03:53 from journal/notes

compare installed pkg lists

I did this in func-yum before but I had to do it today with just a pile of files of ‘rpm -qa’ from a set of systems and I put this together for just that purpose.

I realize I could diff the files but then order would matter and for purposes of pkgs on the system, the order doesn’t matter.

http://skvidal.fedorapeople.org/misc/host_pkglist_compare.py

for example:

 


$ python ~skvidal/host_pkglist_compare.py xen05.phx2.fedoraproject.org xen09.phx2.fedoraproject.org
Packages on xen05.phx2.fedoraproject.org not on xen09.phx2.fedoraproject.org

Packages on xen09.phx2.fedoraproject.org not on xen05.phx2.fedoraproject.org
m4-1.4.5-3.el5.1
selinux-policy-devel-2.4.6-300.el5

could make it easier to chase down bogon pkgs installed on your systems.
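An order-independent comparison of two ‘rpm -qa’ lists, added here as an example; it is not the linked host_pkglist_compare.py. It goes one step beyond the output above by separating packages missing from one host from packages present on both at different versions. The function names and sample lists are constructed for illustration.

```python
def load_pkgs(lines):
    """Map package name -> set of 'version-release' strings from `rpm -qa` lines."""
    pkgs = {}
    for line in lines:
        # Version and release never contain '-', so split from the right.
        parts = line.strip().rsplit("-", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, version, release = parts
        # A set per name: several versions can be installed at once (kernel).
        pkgs.setdefault(name, set()).add(f"{version}-{release}")
    return pkgs


def compare(a, b):
    """Return (names only in a, names only in b, {name: (a versions, b versions)})."""
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    differ = {n: (sorted(a[n]), sorted(b[n]))
              for n in sorted(set(a) & set(b)) if a[n] != b[n]}
    return only_a, only_b, differ


# Constructed sample lists (not real host data). m4 and selinux-policy-devel
# are the two packages from the output above; the rest are made up.
HOST_A = """\
bash-3.2-24.el5
openssl-0.9.8e-12.el5_4.6
kernel-2.6.18-194.el5
kernel-2.6.18-238.el5
"""
HOST_B = """\
openssl-0.9.8e-12.el5
bash-3.2-24.el5
kernel-2.6.18-238.el5
m4-1.4.5-3.el5.1
selinux-policy-devel-2.4.6-300.el5
"""

if __name__ == "__main__":
    only_a, only_b, differ = compare(load_pkgs(HOST_A.splitlines()),
                                     load_pkgs(HOST_B.splitlines()))
    print("only on A:", only_a)
    print("only on B:", only_b)
    for name, (va, vb) in differ.items():
        print(f"{name}: A has {va}, B has {vb}")
```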


Syndicated 2011-03-30 20:31:22 from journal/notes

a sense of perspective

I read this today:

Mr. Jaczko’s testimony came as the American Embassy in Tokyo, on advice from the Nuclear Regulatory Commission, told Americans to evacuate a radius of “approximately 50 miles” from the Fukushima plant.

from: http://www.nytimes.com/2011/03/17/world/asia/17nuclear.html?hp

I started trying to figure out what that looks like land-mass-wise and population wise.

drawing a 50 mile circle around Daiichi gives you a land mass of about 3925 sq miles (b/c roughly half of the area is ocean): ((50^2)*3.14)/2

that’s 2.7% of the total land mass of Japan.

To translate that to terms Americans can comprehend: 2.7% of the US land mass is roughly the STATE of Colorado.

According to wikipedia japan has a population density of 873 people per sq mile.

so take the 3925 sq miles and multiply that by 873 (guessing it is probably average) and you get 3.4 million people to evacuate.

To put some perspective on THAT – that would be about the same as evacuating the city of Los Angeles, CA.

It’s a nightmare to imagine how you would manage that even if things were fully functional. When things are broken I cannot fathom it.

It staggers my mind.


Syndicated 2011-03-16 21:03:44 from journal/notes
