Sustainable sysadmining. Toil is stupid. Full stack sysadmin.





8 August 2019, 3:58 UTC
I can do anything you want...

You just need the patience to explain what it is.



29 July 2019, 19:02 UTC
So long and thanks for all the fish! Gmail:

So, it is now time for you walled garden email folks to say goodbye!
Much of your current access to your account is going away:
Breakage to follow - might want to migrate items like copiers and what not to another service for email connectivity.
Get ready for phone / webmail only access. Have fun with that.
..."on October 30, 2019, we’ll begin removing the setting to “Enforce access to less secure apps for all users” from the Google Admin console."
I feel more secure already.



24 July 2019, 16:20 UTC
encryption is the (new/old) boogeyman again:

Attorney General William Barr showing his domain knowledge:
https://www.youtube.com/watch?v=c-QQwv1U2aY
- Rebuttal from Bruce Schneier: https://www.schneier.com/blog/archives/2019/07/attorney_genera_1.html
No re-copy for posterity before as I trust Bruce to keep up a blog long term :-)



24 July 2019, 15:13 UTC
versioning considered useful (to some)

Ever see the following:
git commit comment like: upgrade checkin
- followed by 3995 files changed.
Should be easy to figure out the single file changed versus the other updates lumped in to the commit.



22 July 2019, 16:51 UTC
Virtualmin and disappearing Apache

Are you getting failures to graceful start of Apache at logrotation?
Something like this in your logs?

[core:warn] [pid 1234:tid 123456789012345] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[mpm_event:notice] [pid 1234:tid 123456789012345] AH00489: Apache/2.x.xx (Ubuntu) mod_fcgid/x.x.x OpenSSL/x.xx.xxx configured -- resuming normal operations
...
[mpm_event:notice] [pid 1234:tid 123456789012345] AH00493: SIGUSR1 received.  Doing graceful restart
[core:notice] [pid 1234] AH00060: seg fault or similar nasty error detected in the parent process
[fcgid:error] [pid 1235:tid 123456789012346] FastCGI process 1235 still did not exit, terminating forcefully

Looks like some changes were made that don't get re-applied to older Virtualmin installs (2018 era and before):
https://www.virtualmin.com/node/22024
I think I might have been here before and fixed it with this:
blog/01328216702
See the "Q: Why are the apache logs not rotating?" bit....
Looks like the combined logrotate with many log lines in it is the "fix" for now.
If you already had that and are still having issues, try to bump up the sleep time out.



21 June 2019, 20:31 UTC
rdesktop not working for you using certs?

Give xfreerdp a shot:

xfreerdp /u:"someuser" /v:server:3389



21 June 2019, 19:22 UTC
systemctl output

Strange days indeed:

systemctl status -l | iconv -f UTF-8 -t ASCII//TRANSLIT | sed 's/|//g' | sed 's/+-//g' | awk '{$1=$1;print}'

Why?
To do a quick comparison of what systemd thinks is the list of PPID's for Apache that are running, versus
the list ps gives.
Would have thought it would have been a quick thing, but argh.
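
The comparison described above, as an added example that is not part of the original post: it pulls the PIDs out of the CGroup tree in `systemctl status` output and lists any PID that `ps` reports but systemd does not track for the unit (for instance a process left behind by an unclean restart). The unit name, the function names and both sample outputs are constructed for illustration.

```bash
#!/bin/sh
# Added example: diff the PIDs systemd tracks for a unit against the PIDs ps reports.

# Constructed sample of `systemctl status apache2 --no-pager` output.
SAMPLE_STATUS='● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
   Active: active (running) since Mon 2019-07-22 06:25:03 UTC; 10h ago
 Main PID: 1234 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─1234 /usr/sbin/apache2 -k start
           ├─1301 /usr/sbin/apache2 -k start
           └─1302 /usr/sbin/apache2 -k start

Jul 22 06:25:03 web1 systemd[1]: Started The Apache HTTP Server.'

# Constructed sample of `ps -C apache2 -o pid=` output; 1377 is not in the unit.
SAMPLE_PS='  1234
  1301
  1302
  1377'

# status_pids: read `systemctl status` text on stdin, print the PIDs in the
# CGroup tree. A tree line is whitespace, tree glyphs (Unicode or ASCII), then
# "<pid> <command>". LC_ALL=C makes awk treat the glyphs as plain bytes, so no
# iconv/sed cleanup is needed first.
status_pids() {
    LC_ALL=C awk '/^[ \t]+[^0-9A-Za-z]*[^ \t0-9A-Za-z][0-9]+ / {
        sub(/^[^0-9]+/, ""); print $1 }'
}

# pid_diff TRACKED SEEN: print each PID in SEEN that is missing from TRACKED.
pid_diff() {
    tracked=" $(echo $1) "          # flatten to " 1234 1301 1302 "
    for pid in $2; do
        case "$tracked" in
            *" $pid "*) ;;
            *) echo "$pid" ;;
        esac
    done
}

tracked=$(printf '%s\n' "$SAMPLE_STATUS" | status_pids)
echo "tracked by systemd: $(echo $tracked)"
echo "seen by ps only:    $(pid_diff "$tracked" "$SAMPLE_PS")"
```

On a live host, feed `status_pids` from `systemctl status apache2 --no-pager` and pass the output of `ps -C apache2 -o pid=` as the second argument of `pid_diff`.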

Heh:
https://github.com/systemd/systemd/issues/9865
In case that goes away:
Hello,

please remove unicode from systemd outputs ... it's insane .. and fire please that teenager who did it.
...
please, consult that with some older and more experienced colleague (or any other responsible adult you
have avail around there) if you're in doubts .. I'm tired to explain, that logs should be ascii plaintext
and that they are very often parsed in industry by stupid old tools that choke on your sexy (and cunning) unicode ..

...



18 June 2019, 19:26 UTC
Bravo Microsoft - KB4503267
UPDATE - KB4503294
Apparently this one fixes the logging issue!
But of course, it comes with some possible side effects...


YOU EVEN BROKE THE FILTER ON ALL OF THE LOGGING YOU ID10TS!
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error,
"MMC has detected an error in a snap-in and will unload it." and the app may stop responding
or close. You may also receive the same error when using Filter Current Log in the Action menu
with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.


"you may receive the error",
"the app may stop responding or close."



... weasel words. If it happens 100% of the time, it is not
a may or might...
Ok, walk it back a bit. It was some of them. Still don't feel good about some items using the same software base
breaking in different ways from the same patch. - still reserving disgust.
Love the - use PowerShell after a bit of programming workaround bit as well (every time you want to view the logs!) - ugh...
Can't wait until Systemd logging makes this move :-)

Workaround

To work around this issue, copy and paste the following function into a PowerShell window and run it.
You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views.
You will need to re-enter the function each time you open a new PowerShell window.
Note The get-EventViewer function will only allow you to view previously defined Custom Views.
To create new Custom Views, see Creating Get-WinEvent queries with FilterHashtable.
-------------------------------------------------------------------------------------

function get-EventViewer {
    Write-Output "List of custom views on the machine"
    Write-Output ""
    Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml

    Write-Output ""
    $view_name = Read-Host "Enter the name of custom view to execute"

    # Get the file name of the view
    $ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }

    Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))
}



18 June 2019, 1:52 UTC
SACKED - CVE-2019-11477 & CVE-2019-11478 & CVE-2019-11479

/proc/sys/net/ipv4/tcp_sack - TCP Selective Acknowledgements. They can    
reduce retransmissions, however make servers more prone to DDoS Attacks   
and increase CPU utilization.

Uh, so what did Netflix do, read the kernel documentation?
Good advice from Suse:
https://www.suse.com/support/kb/doc/?id=7023928
Give this a shot if you find you need relief (with a trade-off):
echo 0 > /proc/sys/net/ipv4/tcp_sack
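
The echo above changes only the running kernel and is lost at reboot. As an added example (not from the original post), this check reports whether SACK is off right now and whether a sysctl config file keeps it off. The function names are made up here, and the order in which config files are passed is an assumption that approximates how sysctl applies them.

```bash
#!/bin/sh
# Added example: is tcp_sack off right now, and will it stay off after a reboot?

# sack_audit PROC_FILE [CONF_FILE...]
#   PROC_FILE  normally /proc/sys/net/ipv4/tcp_sack
#   CONF_FILE  sysctl config files in the order they are applied (assumed order)
# Prints "runtime=<0|1|unknown> persisted=<0|1|unset>".
sack_audit() {
    proc_file=$1; shift
    runtime=$(cat "$proc_file" 2>/dev/null || echo unknown)
    persisted=
    if [ "$#" -gt 0 ]; then
        # Later assignments override earlier ones; comment lines never match
        # because the key would start with "#" or ";".
        persisted=$(cat "$@" 2>/dev/null | awk -F= '
            { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); gsub(/\//, ".", k) }
            k == "net.ipv4.tcp_sack" { last = v }
            END { if (last != "") print last }')
    fi
    echo "runtime=$runtime persisted=${persisted:-unset}"
}

# sack_verdict AUDIT_LINE: turn the audit line into a one-word finding.
sack_verdict() {
    case "$1" in
        "runtime=0 persisted=0") echo ok ;;
        "runtime=0 "*)           echo not-persisted ;;   # lost at next reboot
        "runtime=1 persisted=0") echo not-applied ;;     # file written, never loaded
        *)                       echo sack-enabled ;;
    esac
}

line=$(sack_audit /proc/sys/net/ipv4/tcp_sack /etc/sysctl.d/*.conf /etc/sysctl.conf)
echo "$line -> $(sack_verdict "$line")"
```

A `not-persisted` result is fixed by putting `net.ipv4.tcp_sack = 0` in a file under /etc/sysctl.d/.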



29 May 2019, 4:01 UTC
Drop Android phones from your network?:

Want to have a quick way to drop Android phones from your network?

iptables -I FORWARD -d 216.58.192.0/19  -j DROP
iptables -I FORWARD -d 172.217.0.0/16 -j DROP

Not sure which network does it, but if you add this to your firewall,
the Android phones will show "Connected, no internet".
They will "connect" to the network, but not have internet access (apart from the cell
network) as a fall-back route.
They (Google) must be using some connectivity to some host or hosts in those networks?
Silly, but I suppose they had some reason to do that.
It does make it hard to trust the basics of networking when that is true, as
I would sometimes use my phone to troubleshoot networking issues.
Makes it easy for the pinks I suppose.
p.s. This works today (2019/5/28) on all current 'Droid software that I am aware of.
It might not work after they patch it. Also, assume burgerland isp's in use.




24 May 2019, 17:20 UTC - Python 2.7 still? Unicode and conversions...
21 May 2019, 20:53 UTC - Shoot the messenger:
20 May 2019, 18:04 UTC - Nice 'n blinkey...
20 May 2019, 18:02 UTC - Support portal broken, loop, use Support portal...
14 May 2019, 21:21 UTC - The next worm for older Microsoft OS's?
9 May 2019, 3:56 UTC - MySQL vs MariaDB
9 May 2019, 3:42 UTC - Break down barriers
30 April 2019, 3:58 UTC - Blah... is now open source...
29 April 2019, 19:30 UTC - vi / vim stuff:
27 April 2019, 5:43 UTC - Fun Google search:
26 April 2019, 4:05 UTC - Light reading:
23 April 2019, 20:09 UTC - Gopher links:
23 April 2019, 14:50 UTC - Magento bits
3 April 2019, 20:31 UTC - netplan with a plan (dhcp and alt dns servers):
13 March 2019, 13:21 UTC - More systemd in the way. - deluser.
17 January 2019, 21:46 UTC - Installing .Net 3.5 on Windows 10 and failing?
31 December 2018, 23:04 UTC - compgen -c (you complete me)
16 December 2018, 6:03 UTC - RIP Timothy C. May - December 2018
11 December 2018, 12:43 UTC - Firewalld - what is it?
5 December 2018, 15:05 UTC - PolicyKit - uid's > max_int allows unprivileged user to run systemctl commands.
