Today’s work : A dockerfile to build an archlinux image with sshd
You can find my notes here: Dockerfile notes
I am a very proud member of Athen’s Hackerspace.
I am enjoying the entire 3+ years time (and money) that i’ve spend at this hackerspace. Love it.
Today was a very productive day.
With a good friend of mine, are working to setup an ansible, docker, btrfs workshop !
We want to contribute back to the community and we thought that this is a great opportunity.
We are not guru or anything like that - no, we just want to share the knowledge we are getting by spending time at hackerspace. Nothing more, nothing less. Just share our feedback to all the people that have helped us till now.
So, we are working together (collaboration) by making small steps towards to build these workshop.
Today’s work: Creating a tiny compressed archlinux docker image.
My instruction set is documented here: archlinux installation for docker.
Hopefully my next blog post will be about a simple ssh docker file.
We are trying to keep simple notes so that many people can read and use them.
I am currently pseudoparallel reading (i am currently reading one other book) The Pattern On The Stone By Daniel Hillis and i am really really impressed about the simple explanation on logical gates (boolean algebra).
Hillis is using as an example The Tinkertoy computer - the mechanical computer for playing TicTacToe !
Look at this page to take a quick look: The Tinkertoy computer
BTW The first mechanical computer is the The Antikythera mechanism 100BC to predict astronomical positions and eclipses.
Truly Amazing !
It took me a few minutes to understand why one of my online sign files isnt the correct one.
The actual file:
[~]> md5sum file.sign
89dd90709bbc51eb6796280123f46fe6
The file on my web server:
$ md5sum file.sign
89dd90709bbc51eb6796280123f46fe6
when download it :
[~]> md5sum file.sign
f57846a7032a1d106799af38ab94cfb7
Say what ?
Whattttttt !
[~]> file file.sign
file.sign: gzip compressed data, from Unix
so what if i did:
gunzip -d -c file.sign | md5sum
89dd90709bbc51eb6796280123f46fe6 -
So a light bulb lighted up upon my hackergotchi !! mod_deflate
i need to change my filters
reading
man 5 fluxbox-keys
i found that there is
ArrangeWindows pattern / ArrangeWindowsVertical pattern / ArrangeWindowsHorizontal pattern
so i edited my
~/.fluxbox/keys
to auto-tile (vertical/horintal) with my super (window) key as shortcut
Mod4 h :arrangewindowshorizontal
Mod4 v :arrangewindowsvertical
Postfix has the ability to DISCARD (or Reject) any email, by using simple regular expressions. This can be done on your incoming or outgoing mail farm and you can either check the header or body of an email.
For me header_checks is a more powerful tool but the main problem with phishing bots is that the headers arent always the same (different IPs, different Froms etc etc).
And on half of them scam situations there is an ugly url or email inside the body of the email.
Our abuse department informed us today for a scam bot that “WANTS YOU TO REPLY TO THEM WITH YOUR PASSWORDS” and we took the appropriate measures against it. None of our outgoing mail servers can be used to send a reply to the abuser mail address.
There is a debate in our team about future incoming of this specific scam bot. We could use body_check to silent DISCARD any new incoming mail but that also make it very difficult for us to communicate with each other.
The main problem is that i cant “report” to my manager about that OR the security/abuse department cant send me any email that has the “BAD email address” inside the body or our mails.
Is ignorance !
Plz take a minute and read this:
The greater percentage of people will login to a http site. Especially if they use a lot of mobile hardware with screens small enough with outdated operating system/browser.
Whatever you do, whatever measurement you have taken, If someone finds an open wifi and wants to connect to site like facebook from his/her mobile device, he/shell will never check for a https connection. If there is a MAN-IN-THE-MIDDLE (proxy/dns spoof) people will connect to http://facebook.com on a private address like 192.168.2.5
So the effort should be on education and digital liberty. Cause people, will always choose the most free & easy use app Vs complex but secure.
If you are not using your PC/laptop as a server, then 99,99% you dont need network at the boot time.
Disabling NetworkManager can speed up your machine.
> sudo systemctl disable NetworkManager
Of course we all need network, so tell your machine to start NetworkManager after your boot process. And you can do that by editing your crontab as root:
> sudo -s
# crontab -e
and typing
@reboot systemctl start NetworkManager
try this and measure the time you have saved by
systemd-analyze
before and after .
A colleague of mine wants to add a new vhost on one of our apache web servers.
Running:
/etc/init.d/httpd configtest
he noticed that php_admin_flag had produced an error msg. We comment this flag out and tried to restart the web server. Unfortunately the httpd didnt came up.
Searching through logs I’ve seen these:
Dec 14 14:33:54 Erased: php-snmp
Dec 14 14:33:54 Erased: php-mbstring
Dec 14 14:33:54 Erased: php-pear
Dec 14 14:33:55 Erased: php-common
Dec 14 14:33:55 Erased: php-mcrypt
Dec 14 14:33:55 Erased: php-gd
Dec 14 14:33:55 Erased: php-mysql
Dec 14 14:33:55 Erased: php-cli
Dec 14 14:33:55 Erased: php-pgsql
Dec 14 14:33:55 Erased: php-ldap
Dec 14 14:33:55 Erased: php
Dec 14 14:33:55 Erased: php-devel
Dec 14 14:33:56 Erased: php-pdo
Dec 14 14:34:17 Installed: php53-common-5.3.3-22.el5_10.x86_64
Dec 14 14:34:17 Installed: php53-pdo-5.3.3-22.el5_10.x86_64
Dec 14 14:34:27 Installed: libc-client-2004g-2.2.1.x86_64
Dec 14 14:34:28 Installed: php53-mcrypt-5.3.3-1.el5.x86_64
Dec 14 14:34:28 Installed: php53-mysql-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-ldap-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-mbstring-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-gd-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-xml-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-imap-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-snmp-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-pgsql-5.3.3-22.el5_10.x86_64
Dec 14 14:34:28 Installed: php53-cli-5.3.3-22.el5_10.x86_64
If you havent noticed the horror yet let me explain it to you:
There is NO php on the system!
A couple weeks ago, another colleague did a not so successfully update on this server.
blah blah blah
blah blah blah
blah blah blah
and story told short:
yum install php53.x86_64
worked it’s magic.
So keep it in mind that after yum update, you have to do manual restarts on the running services and check that everything works properly OR someone like me, will try to destroy your Christmas plans as a revenge !
openldap 101 - Building a Centralized Authentication System based on openldap
hands-on workshop @hackerspacegr
Sat 14 Dec 2013 15:00
- First linux distro i ‘ve ever used: Red Hat 5.2 but i couldnt find a way to power up X
- Used SuSE Linux 6.3 for about six months. There was a tool named sax or sox that you could configure your video card from command line.
- After that was Mandrake 8.2 and kept Mandrake for several years.
- Did a trial with Linux From Scratch and of course Slackware was always just a click (download) far away but i returned to mandrake
- Left from mandrake just about mandriva came in and started to use ubuntu. Before all the crappy decisions!
- Used ubuntu for almost 3 years but did some tests with fedora … never liked it !
- At 2009 did an error with rm (i removed the entire usr dir) and tried archlinux for the first time.
- NEVER looked back, never installed another linux distro, never had a problem in my life!
Yesterday i helped a company to run a training session.
PLZ keep reading … it’s an interesting article
So i’ve written the process:
- Login to a juniper web (over ssl - self signed) page
- Through this site, download a vmware client
- Run the vmware client that opens a vmware web client instance
- Login to this virtual machine
- Open through this virtual machine a citrix xen virtual desktop
- Login to this virtual machine with DOMAIN credentials
- Open an Internet Explorer to read/run the training session
Most of the tasks are just written procedures that you have to read and some are java applications that you have to run and answer some questions.
So we have 3 different sets of passwords and 3 different technologies to run a java app for training and an IE page for reading some procedures.
You need to install rtmpdump.
The rtmp stream has three parts:
- rtmp url
- target app on server
- playpath
eg.
streamer: ‘rtmp://cp126783.live.edgefcs.net/live’, file: ‘Alfaradiofwno@86944?.mp3′
- rtmp url : rtmp://cp126783.live.edgefcs.net
- target app on server : live
- playpath : ‘Alfaradiofwno@86944?.mp3′
then pipe the stream through vlc:
rtmpdump -V --live -r rtmp://cp126783.live.edgefcs.net -a live -y 'Alfaradiofwno@86944?.mp3' | cvlc -
[this blog post is just a shatter idea]
Is it time to change the way we are searching? Till this moment, we were searching through the browser’s default search engine but Gnome has changed all that for everyone (even me, who doesnt use gnome!).
What we all need from a search engine: To locate our files or info. If it is not there, search the internet, privately and anonymously.
A lot of you, are going to tell (correctly) that what we are searching define us and not the search engine itself. Privacy isnt something we can measure from or within a search engine. But most people dont understand or (even worse) dont care about all that.
I use mlocate for my local file searching and sometimes find. After that is searching through my emails and then through my browser’s search engine.
Using a different browser means that i have to use a different search engine. And what if i am using gnome? It feels like Gnome is fighting firefox. And chromium/midori etc are fighting each other. I use a lot of different browsers (mostly for testing things) but at some point i just gave up and now i use three or four different web search engines!
Why all that? Why Gnome is fighting with my browser settings? Why i have to change a search engine when browsing through different browsers?
What i would like to have (as a linux user): A dead simply interface - just one text line. My “environment default search engine” would search my local files first, my emails after, wikipedia next and the internet in the end. I want to have the ability to sort, re-search through the results, tagging info (as i would do in the real life) and store all that for offline reading. As a bonus i would like to search through my social media - if i have already authorized my “environment search engine” to do that.
A modular search engine that would store (cache) locally my searches and results. Letting me figure it out - what i need from all of that. And i want to use the same engine to all of my browsers and changing it global. My “personality” would be stored on a local db inside my computer. I would like to have the ability to sync it with my laptop or work PC (secure sync - it can be done).
There is a big difference between anonymity and privacy. I am hoping everybody already understand that.
bind has a nice command to dump all the records (cache, views and zones) of a bind dns server to a single file.
> rndc --help
dumpdb [-all|-cache|-zones] [view ...]
Dump cache(s) to the dump file (named_dump.db).
Our named_dump.db file has 3.5m lines.
I was looking for a simple way to parse this entire formatted file and split the content of the zones to bind formatted zone files (for another project). So i was looking to implement the exactly opposite from: rndc dump --zones
i came with this:
grep 'IN' named_dump.db | awk -F[\'\/] '/Zone dump of/ {out=$2;}{print > out;}'
PS: The reason i am doing that, is that we dont have the 41435 zones to strict formatted bind zone files.
Some of them have “A” against “IN A”, some of them dont have TTL on RR (so the master TTL is in place), some of them use ‘@’ for origin etc etc etc. This is acceptable from bind, not really hard to parse when you are programming a custom provisioning mechanism.
archlinux has chosen to remove TCP wrappers from it’s core packages a couple of years now.
You can read this all about here.
This is how to imitate the tcp wrapper (by the way Wietse Venema rocks! ) functionality with iptables and source range.
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 158.255.214.14-158.255.214.15 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Hackerspace.gr [HSGR] is a physical space dedicated to creative code and hardware hacking, in Athens.
Location: Athens, Greece
320 events the last couple years
This is some of what we have accomplished
take a look
Why i chose archlinux as my primary desktop distro.
a non techinal approach
I am using linux for personal and work related use, from 2002 on a daily bases. I work as a unix system engineer, so i think of my self as an intermetiate user and not a newbie. Not at least on the majority of linux things, cause things are changing too fast and we must adopt to the new world. In this blog post, i will not write down my linux history but i believed that a prolog should be in place, so everybody (me and you) have the same context.
I am using archlinux from May 2009 so its almost four years now. You could say that i got around archlinux as a mistake (i was using ubuntu at that time and a space character after “rm -rf /usr /local/src/something” made me remove my /usr folder) but the test i’ve made (installing archlinux) that evening changed my life.
Why i chose archlinux ?
at that point, I had three options:
a. fedora
b. archlinux
c. freebsb
I had used fedora before 2009 and i wasnt impressed. At that time ubuntu was the only true choice for someone like me. So the next step was installing archlinux or freebsd. I chose archlinux cause it is a Linux distro and not unix.
So i took a risk.
What i did know about archlinux at that time:
- archlinux was a binary distro
- archlinux didnt have any configuration/automate tool
- didnt have a nice installer but only a text based menu
- archlinux had the best wiki i’ve ever seen
- archlinux had a large active forum
- archlinux had an impressive amount of packages at the default repositories
- archlinux had an EVEN impressive amount of packages at AUR
- archlinux had a simple text file for reconfigure a package (PKGBUILD)
- all of the archlinux packages was as close as the upstream had just uploaded !
i didnt know much about archlinux and all of that obvious things i’ve learned them in a just a few days.
From the first day - i wanted to contribute somehow to that amazing distro.
So the first gallery of archlinux installation had been published at the next couple hours
What i learned in the next couple days.
- archlinux has a simply to use/configure package manager, called by archers as pacman ! neet
- archlinux DOESNOT setup Xorg !
- archlinux doesnt have any configure/automate tool
wait a minute - i knew that already, but there is NONE
if you want to setup your network - you must know how to do it.
You need to read manual pages for breakfast and do it all my hand.
There isnt any tool to setup nothing.
Audio ? you must put your self in the right group and you have to read the wiki.
You have to learn.
And it was perfect for me. I’ve learned so much just by using it and i am still learning.
Any big changes ?
Yes there are some things i didnt like and the main problem is the attitube of arch devs. They are intelligent people and document everything but they make hard decisions that none of the arches around the globe appriciate - at least at the current momment.
I mean, remove tcp wrappers cause the last version was ten years ago ?
stupid, right ?
- Change your /lib to /usr/lib
- Convert your init to systemd
- Remove the text base menu installer !!!
(still pretty angy about that) - grub2 as a default boot loader the same day that gnu released an annouchment that grub is legacy!
and some other things that people dont get along.
There was a time that updating your linux kernel meant you had no system after that!
So what about know ?
what i know now about archlinux
- archlinux is a binary distro
- archlinux dont have any configuration/automate tool
- archlinux has the best wiki i’ve ever seen
- archlinux has a large active forum
- archlinux has an impressive amount of packages at the default repositories
- archlinux has an EVEN impressive amount of packages at AUR
- archlinux has a text simple file for reconfigure a package (PKGBUILD)
- all of the archlinux packages are as close as the upstream upload them !
so … this is the most stable linux distro i have ever use !
The feeling of understing and knowing your linux distro is underappriciate to every other linux distro user cause you need to learn linux.
What about pacman ?
Till archlinux, i had the feeling that the package manager of a distro isnt that important.
You add packages, you remove packages and every now and then you upgrade packages.
Every six or nine or 12 months you have to dist-upgrade your distro version.
And then … there is pacman !
pacman is a strong package manager that uses simply text files that describes how to build a package.
PKGBUILD are easy read and easy to hack. So you can have your own packages in just a few minutes.
Archlinux is a rolling distro. You are always on the latest version.
Is it stable ?
I dont see how it shouldnt be!
Security updates are just a momment away, as the upstream upload a new version of their software
Non free code? non opensource codex ? doesnt matter. We just want to have a desktop awesome desktop distro.
I want to use vlc to play mp3 and divx - i care enough about opensource, but i also dont care enough to be an evangelist
or make my life difficult.
Yes the stable versions of the packages arent tested enough but lets face it,
is just how the opensource word works! You find a bug - you are yelling to the internet.
Perhaps you are the first one that had a problem with this new version of program.
So its for you to contribute.
Same policy as fedora project, or unstable debian.
Are there any cons ?
yes they are, its a bleeding age linux distro.
you have to ugprade at least every week your machine.
You need to read the news section first,
you need to read the wiki,
you need to read the manual pages.
So if all of that are cons, then thats it.
You system is broken ?
You can blame Alan for that.
Everybody else does that - why not you ?
There are actual times that he blames himself too.
So everybody happy - you have someone to blame.
Learn and adopt archlinux.
You need to time to adopt - i understand that.
But you need just one evening, then its all there - at the wiki.
GReek comminuty ?
yes and no
They (we ?) keep a low profile. None of the “major” players attrack attetion.
We (they ?) just use the archlinux forum/irc/wiki to interact with others.
There is a greek site - just to translate the news section (mostly).
So give it a spin - if you have a couple hours to spare - and start using,
perhaps the last linux distro you’ll ever use.
tl;dr
click here: html5test
full blog post:
I use a lot of different web browsers on a daily bases for testing and viewing company’s web applications and of course for browsing through the internet.
I use firefox cause it’s just works - without a lot of tweeks and has a huge addon library.
I dont like chromium cause i need to work through a lot of different proxies and chromium doesnt have yet a FoxyProxy plugin (or i havent found one yet).
I like working with midori web browser cause is the most light WebKit engine browser and when firefox is giving me the pain, i immediately switch to midori (till i have to work with foxyproxy).
In most cases everybody have an another web browser that they use for time to time but isnt their default browser or doesnt work perfectly as they want, but they love it as if it was their own baby project. This is my feelings about vimprobable2. It’s an amazing project - amazing.
For my line of work, i couldnt bypass internet explorer (even if i wanted to - and i want to) so in the mix i will bring up IE too.
I wanted to test their html5 capabilities and these are my results:
So clearly chromium is the leader and firefox Nightly with it’s gecko engine just behind.
I also loved that vimprobable2 scored better that midori.
IE version 8.0.6001.1872 scored 42/500 !
Nightly is Firefox Nightly version as of this blog post writing time
Every project tested (except IE) was in its latest version.
So test your browser with: html5test
Inside your project, there is a .git directory
> cd ~/awesome_project/
> cat .git/hooks/post-commit
git show -C | mail -s "git commit at `hostname`" myemail@example.com
simple !