A wise choice? GitHub as infrastructure

2015-03-29 09:42:43 PST

So more and more projects are using GitHub as infrastructure. One of the biggest cases I’ve seen is the Go programming language, which allows you to specify “imports” directly hosted on code sharing sites like GitHub and “go get” to get them all before compilation, but lots of other projects are adopting it too, like Vim’s Vundle plugin manager, which also allows fetching and updating of plugins directly from GitHub. Also I wouldn’t be surprised if one or more other languages’ package managers from pip to npm do this too. I know it’s pretty easy and now cool to do this but…

It isn’t actually infrastructure grade. And that is highlighted well in events like this week, when they are suffering continual outages from a massive DDoS attack that some news sources are suspecting might be nation-state based.

How much fun is your ops having deploying your new service when half its dependencies are being pulled directly from GitHub, which is unavailable? Bit of a strange blocker, hm?

Cyanogenmod, Bluetooth and a Sphero

2015-03-03 22:49:12 PST

Warning! Don’t do this – see edit below

I bought a Sphero, unboxed it and was disappointed. Not in the Sphero but in Cyanogenmod on my phone, which sadly was using the latest Installer/stable version which was last updated in August 2014 and had bluetooth connectivity issues. I could pair with the Sphero, but connections dropped quite quickly and often (like never up to a minute).

Apparently this is a known but not high priority issue and has been resolved, but no stable release is currently forthcoming. So I downloaded the latest nightly build (20140302), followed the instructions from the wiki on flashing (sadly because the installer versions are incompatible with the nightlies I couldn’t just “upgrade” but had to wipe and install) and voilà, Bluetooth and the Sphero were working great. Then an hour of signing into all my apps again and everything is good. (Seriously though, if you are going to blow away your phone? Make a ton of notes, go through your apps, because all your authenticators will need a restore plan at minimum. I filled a page with notes in preparation.)

Edit 2015-03-07: So while the nightly fixed the known issue with bluetooth, it introduced a more exciting new issue of the cell signal dropping every time the screen locked. Which appears to be known since Aug or Sept. This seems to be an issue with older baseband modem drivers, perhaps if you have a newer one it will be ok, but I could not seem to procure/flash one so I was left to revert to the Stable cyanogen version that at least let my phone work as a phone, if not a Bluetooth toy remote control.

StrongSwan VPN (and ufw)

2015-01-26 17:29:54 PST

I make ample use of SSH tunnels. They are easy, which is the primary reason. But sometimes you need something a little more powerful, like for a phone so all your traffic can’t be snooped out of the air around you, or so that all your traffic, not just SOCKS proxy aware apps, can be sent over it. For that reason I decided to delve into VPN software over the weekend. After a pretty rushed survey I ended up going with StrongSwan. OpenVPN brings back nothing but memories of complexity and OpenSwan seemed a bit abandoned, so I had to pick one of its descendants and StrongSwan seemed a bit more popular than LibreSwan. Unscientific and rushed, like I said.

So there are several scripts floating around that will just auto set it up for you, but where’s the fun (and understanding allowing tweaking) in that? So I found two guides and smashed them together to give me what I wanted:

strongSwan 5: How to create your own private VPN is the much more comprehensive one, but also set up a cert style login system. I wanted passwords initially.

strongSwan 5 based IPSec VPN, Ubuntu 14.04 LTS and PSK/XAUTH has a few more details on a password based setup.

Additional notes: I pretty much ended up doing the first one straight through except creating client certs. Also the XAUTH / IKE1 setup of the password tutorial seems incompatible with the Android StrongSwan client, so I used EAP / IKE2, pretty much straight out of the first one. Also seems like you still need to install the CA cert and vpnHost cert on the phone unless I was missing something.

Also, as an aside, and a curve ball to make things more difficult, this was done on a new server I am playing with. Ever since I’d played with OpenBSD’s pf, I’ve been ruined for iptables. It’s just not as nice. So I’d been hearing about ufw from the Ubuntu community for a while and was curious if it was nicer and better. I figured after several years maybe it was mature enough to use on a server. I think maybe I misunderstood its point. Uncomplicated maybe meant not-featureful. Sure, for unblocking ports for an app it’s cute and fast, and even for straight unblocking a port its syntax is a bit clearer I guess? But as I delved into it I realized I might have made a mistake. It’s built on top of the same system iptables uses, but created all new tables so iptables isn’t really compatible with it. The real problem however is that the ufw command has no way to set up NAT masquerading. None. The interface cannot do that. Whoops. There is a hacky workaround I found at OpenVPN – forward all client traffic through tunnel using UFW which involves editing config files in pretty much iptables style code. Not uncomplicated or easier or less messy like I’d been hoping for.

So a little unimpressed with ufw (but learned a bunch about it so that’s good and I guess what I was going for) and had to add “remove ufw and replace with iptables on that server” to my todo list, but after a Sunday’s messing around I was able to get my phone to work over the VPN to my server and the internet. So a productive time.
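
For reference, the file edits that kind of ufw NAT workaround comes down to, as an added example that is not taken from this post or from the linked guide. The client pool 10.10.10.0/24 is a constructed value and eth0 is an assumed public interface name; the forward policy is kept at DROP with two explicit forward rules rather than opened to ACCEPT.

```conf
# --- /etc/ufw/sysctl.conf -------------------------------------------------
# Let the kernel route packets between interfaces (ufw applies this file).
net/ipv4/ip_forward=1

# --- /etc/default/ufw -----------------------------------------------------
# Leave the forward policy closed. Setting "ACCEPT" here is the shorter
# route, but it forwards anything the host can route; DROP plus the two
# filter rules further down only forwards the VPN client pool.
DEFAULT_FORWARD_POLICY="DROP"

# --- /etc/ufw/before.rules: new block at the top, above the "*filter" line -
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade VPN-client traffic leaving through the public interface.
# 10.10.10.0/24 = constructed client pool, eth0 = assumed interface name.
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT

# --- /etc/ufw/before.rules: inside the existing "*filter" section,
# --- after the chain declarations and before that section's COMMIT ---------
# Outbound: VPN clients may be forwarded out of the public interface.
-A ufw-before-forward -s 10.10.10.0/24 -o eth0 -j ACCEPT
# Return path: only replies to connections the clients opened.
-A ufw-before-forward -d 10.10.10.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
```

Reload with `ufw disable` followed by `ufw enable`, then confirm the rule is loaded with `iptables -t nat -S POSTROUTING`.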

OpenSSH + 2 and 3 factor auth

2014-08-30 08:01:03 PST

Windows and C#, oh my!

2014-08-28 14:12:38 PST

So this happened at work

That’s right, after 13 years of being a purely Linux user, work asked if I’d like to be cross trained in Windows/C# development and I said “sure” and here I am.

So first thoughts: VirtualBox’s ability to boot from a hard drive is a massive help, crutch, safety blanket and amazing. I have my original work Ubuntu install running off the hard drive in VirtualBox, fullscreened on one of my two screens, fairly seamlessly interacting with the host Windows (copy/paste etc). Windows 8.1 is less broken than I remember my one half hour of messing around with Windows 8 to be. Also little apps like AltDrag help ease the transition. Although there have been a good few cases of wrong window typing because I’m about 13 years out of practice with click-to-focus. Visual Studios + ReSharper are at least trying to ease the burden of coming up to speed on a new language, environment and code base by making exploring easier, so that’s appreciated (“Find declaration/implementation/usage” are getting a lot of usage from me).

As for a deeper why? Well, my new director basically made a more compelling argument about Visual Studios and C# being good languages for a lot of productivity in a way that clearly got my interest unlike anyone else in the past. Naturally final verdict is TBD (will need some good time on that one), but I appreciate the opportunity because this stack isn’t one that would often land in my lap to experiment with and learn on.

So, new learning adventure commences. We’ll see where this takes me.

Link: Linux Encryption in the Cloud using LUKS on Linode

2014-08-26 21:42:13 PST

Linux Encryption in the Cloud using LUKS on Linode – an excellent guide to setting up a Linode with root disk encryption – 2013
Work around for 14.04 …

USB passthrough to a VM, via GUI only

2014-05-26 06:43:15 PST

It sure has gotten easier to add USB devices to VMs with libvirt-manager and its nice UI.

www.linux-kvm.org/page/USB_Host_Device_Assigned_to_Guest

Email server todo: read up on DMARC

2014-04-07 15:55:22 PST

The latest bolt-on email security specification, on top of SPF and DKIM, is DMARC. Need to read up on it and get to implementing it, I suppose.

git branch in bash prompt

2014-03-18 13:20:31 PST

Adding ‘$(__git_ps1)’ to my .bashrc PS1 bash prompt was the greatest idea/discovery I’ve had in a bit, as now I know exactly what branch any repo I enter is on:

dan@dan-work:~/src/work-project/ (master)$ 

Ubuntu 14.04 because I couldn’t wait

2014-03-14 06:33:49 PST

Well, for better or worse, I semi-impulsively upgraded my main laptop Minerva to Ubuntu 14.04 a month and a bit ahead of release. I used to upgrade to all the latest Ubuntu versions a month and change ahead of release because back in the 10.04 and before days the Ubuntu alphas and betas had amazing stability. After that the stability went away, even in some cases from the actual releases (12.04 has always been a bit unstable to my mind, even two years later). But so far (knock on wood) nothing has exploded so that’s good.

I’ve always been a fan of ‘focus follow mouse’ so while I had previously just removed the Ubuntu appmenu (because the two do not work together and also appmenu degrades functionality on bigger screens) I’m now trying their new “Menus in title bar”. I’m glad they are now remembering and acknowledging big desktop interface users.

Now I just need to track down the new betas of ROS that will work on Ubuntu 14.04 and we’ll really be cooking…

This is a personal web page. Things said here do not represent the position of my employer.