Blogs on Here be dragons

Update:

osslsigncode sign -pkcs11module /usr/lib/x86_64-linux-gnu/libykcs11.so -key "pkcs11:serial=XXX" -askpass -certs chain.crt -h sha256 -ts http://ts.ssl.com shim-unsigned.cab shim-unsigned.signed.cab

echo "pronouns: he/him" | gpg --clearsign | mail changes@db.debian.org

debug1: found 4 insecure fingerprints in DNS
debug3: verify_host_key_dns: checking SSHFP type 1 fptype 2
debug3: verify_host_key_dns: checking SSHFP type 4 fptype 2
debug1: verify_host_key_dns: matched SSHFP type 4 fptype 2
debug3: verify_host_key_dns: checking SSHFP type 4 fptype 1
debug1: verify_host_key_dns: matched SSHFP type 4 fptype 1
debug3: verify_host_key_dns: checking SSHFP type 1 fptype 1
debug1: matching host key fingerprint found in DNS

#! /usr/bin/python
# -* coding: utf-8 -*-

import time
import sys

# format is:
# [TIMESTAMP] COMMAND_NAME;argument1;argument2;…;argumentN
#
# For passive checks, we want PROCESS_SERVICE_CHECK_RESULT with the
# format:
#
# PROCESS_SERVICE_CHECK_RESULT;<host_name>;<service_description>;<return_code>;<plugin_output>
#
# return code is 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN
#
# Read lines from stdin with the format:
# $HOSTNAME\t$SERVICE_NAME\t$RETURN_CODE\t$TEXT_OUTPUT

if len(sys.argv) != 2:
    print "Usage: {0} HOSTNAME".format(sys.argv[0])
    sys.exit(1)
HOSTNAME = sys.argv[1]

timestamp = int(time.time())
nagios_cmd = file("/var/lib/nagios3/rw/nagios.cmd", "w")
for line in sys.stdin:
    (_, service, return_code, text) = line.split("\t", 3)
    nagios_cmd.write(u"[{timestamp}] PROCESS_SERVICE_CHECK_RESULT;{hostname};{service};{return_code};{text}\n".format
                     (timestamp = timestamp,
                      hostname = HOSTNAME,
                      service = service,
                      return_code = return_code,
                      text = text))

<% for host in @nodes %>
command="/usr/local/lib/nagios/nagios-passive-check-result <%= host[:hostname] %>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <%= host[:keys][:ssh][:host_rsa_public] %> <%= host[:hostname] %>
<% end %>

nodes = []
search(:node, "*:*") do |n|
  # Ignore not-yet-configured nodes                                                                       
  next unless n[:hostname]
  next unless n[:nagios]
  next if n[:nagios].has_key?(:ignore)
  nodes << n
end
nodes.sort! { |a,b| a[:hostname] <=> b[:hostname] }
print nodes

template "/etc/ssh/userkeys/nagios" do
  source "authorized_keys.erb"
  mode 0400
  variables({
              :nodes => nodes
            })
end

cookbook_file "/usr/local/lib/nagios/nagios-passive-check-result" do
  mode 0555
end

user "nagios" do
  action :manage
  shell "/bin/sh"
end

printf "$HOSTNAME\t$SERVICE_NAME\t$RET\t$TEXT\n" | ssh -i /etc/ssh/ssh_host_rsa_key -o BatchMode=yes -o StrictHostKeyChecking=no -T nagios@$NAGIOS_SERVER

Defaults!/usr/bin/ssh-add env_keep += "SSH_AUTH_SOCK"
%support ALL=(root)  NOPASSWD: /usr/bin/ssh-add /var/local/support-ssh/id_rsa

if [ -n "$(groups | grep -E "(^| )support( |$)")" ]; then
    export SSH_AUTH_ENV="$HOME/.ssh/agent-env"
    if [ -f "$SSH_AUTH_ENV" ]; then
        . "$SSH_AUTH_ENV"
    fi
    ssh-add -l >/dev/null 2>&1
    if [ $? = 2 ]; then
        mkdir -p "$HOME/.ssh"
        rm -f "$SSH_AUTH_ENV"
        ssh-agent > "$SSH_AUTH_ENV"
        . "$SSH_AUTH_ENV"
    fi
    sudo ssh-add /var/local/support-ssh/id_rsa
fi

define is_master ref refs/heads/master
allow "Devs can push" op_is_basic is_master

%define v_rc
%define vd_rc %{?v_rc:-%{?v_rc}}

%define v_rc %{nil}
%define vd_rc %{?v_rc:-%{?v_rc}}

%define v_rc %{nil}
%if 0%{?v_rc} != 0
%define vd_rc %{?v_rc:-%{?v_rc}}
%endif

# %define v_rc ""

method=>"login"
input_type=>"JSON"
response_type=>"JSON"
rest_data=>json($params)

user_auth => {
            user_name => $USERNAME,
            password => $PW,
            version => "1.2",
},
application => "foo",

{
     "id":"<hex session id>,
     "module_name":"Users",
     "name_value_list": {
             "user_id": {
                     "name":"user_id",
                     "value":"1"
             },
             "user_name": {
                     "name":"user_name",
                     "value":"<username>"
             },
             "user_language": {
                     "name":"user_language",
                     "value":"en_us"
             },
             "user_currency_id": {
                     "name":"user_currency_id",
                 "value":"-99"
             },
             "user_currency_name": {
                     "name":"user_currency_name",
                     "value":"Euro"
             }
     }
}

{
     "id":"<hex session id>,
     "user_id": 1,
     "user_name": "<username>,
     "user_language":"en_us",
     "user_currency_id": "-99",
     "user_currency_name": "Euro"
}

method=>"get_entry_list",
input_type=>"JSON",
response_type=>"JSON",
rest_data=>to_json([
            $sid,
            $module,
            $where,
            "",
            $next,
            $fields,
            $links,
            1000
])

{
    "result_count" : 16,
    "relationship_list" : [],
    "entry_list" : [
       {
          "name_value_list" : {
             "rt_status_c" : {
                "value" : "resolved",
                "name" : "rt_status_c"
             },
             […]
          },
          "module_name" : "Opportunities",
          "id" : "<entry_uuid>"
       },
       […]
    ],
    "next_offset" : 16
}

method=>"set_entry",
input_type=>"JSON",
response_type=>"JSON",
rest_data=>to_json([
    $sid,
    "Opportunities",
    $fields
])

{
    "rt_status_c" : "resolved",
    "id" : "<status text>"
}

TLS init def ctx failed: -207

require curl;

sub vcl_recv {
    curl.fetch("http://authserver/validate?key=" + regsub(req.url, ".*key=([a-z0-9]+), "\1"));
    if (curl.status() != 200) {
        error 403 "Go away";
    }
}

deb https://downloads.maemo.nokia.com/fremantle/ssu/apps/ ./ 
deb https://downloads.maemo.nokia.com/fremantle/ssu/mr0 ./ 
deb https://downloads.maemo.nokia.com/fremantle/ovi/ ./ 
deb http://repository.maemo.org/extras/ fremantle free non-free
deb http://repository.maemo.org/extras-devel/ fremantle free non-free

# pv -rb < /dev/random > /dev/null  
17.5kB [4.39kB/s] 

varnishlog -o -c | perl -ne 'BEGIN { $/ = "";} print if
(/RxURL.*jpg$/m and /VCL_call.*recv pass/);'

qurzaw (0.0.0.0)                                                 Fri Nov 28 21:34:28 2008
Keys:  Help   Display mode   Restart statistics   Order of fields   quit

                             Last  60 pings
 1. 10.125.123.1             ............................................................
 2. 10.84.0.1                .??????.......??????.......??????......???????......??????..
 3. c9110002.virtua.com.br   .????????.....??????..?..?????????..??????????.?..?.??????.?
 4. embratel-G2-0-1-ngacc01. .??????.......??????.......??????......???????......??????..
 5. ebt-T0-5-5-0-21-tcore01. .??????.......??????.......??????......??????.......??????..
 6. 200.230.251.133          .??????.......??????.......??????......??????.......??????.?
 7. 200.230.251.154          .??????.......??????....?.???????......??????.......??????..
 8. ebt-G4-2-intl03.rjo.embr .??????.......??????......???????......??????.......??????..
 9. ebt-ge-5-2-0-intl02.mian .??????......???????......???????......??????.......??????..
10. p4-1-0-3.r01.miamfl02.us .??????......???????...?..???????......??????.?.....??????..
11. xe-1-3-0.r20.miamfl02.us .??????......???????......??????.......??????.....>.??????..
12. as-2.r21.asbnva01.us.bb. .??????......???????......??????.......??????.?...>.??????.
13. po-4.r05.asbnva01.us.bb. ???????.?.????????????...??????????..????????.???.?????????
14. 64.208.110.253           ???????......???????......??????.......??????..?...???????.
15. 208.178.61.66            ???????......???????......??????.......??????......???????.
16. vlan1455-10ge.c1.hmg.osl ???????......??????.......??????.......??????....>.???????.
17. c1.hmg.osl.no.webdealnet ???????......??????.......??????.......??????......???????.
18. vuizook.err.no           ??????.......??????.......??????.......??????......??????..

Scale:  .:41 ms  1:101 ms  2:161 ms  3:301 ms  a:661 ms  b:1002 ms  c:1602 ms

You are in a mall when zombies attack. You have:
1. One weapon
2. One song blasting on the speakers
3. One famous person to fight along side you.

The only backup program that doesn't make backups!

Host backup-$hostname
Hostname $backupserver.err.no
User backup-$hostname
IdentityFile /root/.ssh/id_rsa_rdup
ProxyCommand pv -L 40k -q | nc %h %p

command="/usr/local/bin/rdup-ssh-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3N

15:58 [Canonical] -!- Irssi: Disconnecting from server irc.canonical.com: [kthxbye!]
15:58 [Canonical] -!- Irssi: Connection lost to irc.canonical.com

openssl x509 -x509toreq -in cacert.crt \
  -signkey cakey.key -out renew.pem

openssl x509 \
  -extfile openssl.cnf \
  -extensions v3_ca \
  -CA cacert.crt -CAkey cakey.key \
  -set_serial 0 -days 365 \
  -req -in renew.pem -out newcacert.pem

: tfheen@thosu ~ > history 1|awk '{print $2}'|awk 'BEGIN {FS="|"} {print $1}'|sort|uniq -c | sort -nr |head -n 10
  21477 ls
  18170 cd
  10640 ssh
   9257 sudo
   5559 less
   3015 grep
   2407 bzr
   2101 ps
   1980 man
   1980 debuild

    e_utf8_strftime (buffer, sizeof (buffer), _("%m/%d/%Y"), &tmp_tm);

        Option          "XkbOptions"    "compose:caps"

Package: hwinfo
[...]
Version: 8.38-3

\lstset{
basicstyle=\small,
showstringspaces=false,
language={},
breaklines=true,
breakatwhitespace=true,
prebreak={\mbox{\hfill$\hookleftarrow$}}}

(hoary-clean)root@shonap:/tmp# cat hello.c
#include <stdio.h>

int main(int argc, char **argv) {
  fprintf(stderr, "hello multiarched world\n");
}
(hoary-clean)root@shonap:/tmp#

(hoary-clean)root@shonap:/tmp# ls /usr/include/stdio.h
ls: /usr/include/stdio.h: No such file or directory
(hoary-clean)root@shonap:/tmp# ls /usr/include/i386-linux/stdio.h
/usr/include/i386-linux/stdio.h
(hoary-clean)root@shonap:/tmp#

(hoary-clean)root@shonap:/tmp# ls /usr/lib/libc.so /lib/libc.so.6
ls: /usr/lib/libc.so: No such file or directory
ls: /lib/libc.so.6: No such file or directory
(hoary-clean)root@shonap:/tmp# ls -1 /usr/lib/i386-linux/libc.so /lib/i386-linux/libc.so.6
/lib/i386-linux/libc.so.6
/usr/lib/i386-linux/libc.so
(hoary-clean)root@shonap:/tmp#

(hoary-clean)root@shonap:/tmp# gcc-3.4 hello.c -o hello
(hoary-clean)root@shonap:/tmp# file hello
hello: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for
GNU/Linux 2.2.0, dynamically linked (uses shared libs), not stripped
(hoary-clean)root@shonap:/tmp# ldd hello
                libc.so.6 => /lib/i386-linux/libc.so.6 (0xb7eb1000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
(hoary-clean)root@shonap:/tmp#
(hoary-clean)root@shonap:/tmp# ./hello
hello multiarched world
(hoary-clean)root@shonap:/tmp#

root@shonap:/# ls -l /lib/libc-* /lib/ld-linux.so.2
ls: /lib/libc-*: No such file or directory
lrwxrwxrwx  1 root root 22 Jan 25 18:56 /lib/ld-linux.so.2 -> i386-linux/ld-2.3.2.so
root@shonap:/# ls /lib/i386-linux/
ld-2.3.2.so               libm.so.6               libnss_nisplus-2.3.2.so
ld-linux.so.2             libmemusage.so          libnss_nisplus.so.2
libBrokenLocale-2.3.2.so  libnsl-2.3.2.so         libpcprofile.so
libBrokenLocale.so.1      libnsl.so.1             libpthread-0.10.so
libSegFault.so            libnss_compat-2.3.2.so  libpthread.so.0
libanl-2.3.2.so           libnss_compat.so.2      libresolv-2.3.2.so
libanl.so.1               libnss_dns-2.3.2.so     libresolv.so.2
libc-2.3.2.so             libnss_dns.so.2         librt-2.3.2.so
libc.so.6                 libnss_files-2.3.2.so   librt.so.1
libcrypt-2.3.2.so         libnss_files.so.2       libthread_db-1.0.so
libcrypt.so.1             libnss_hesiod-2.3.2.so  libthread_db.so.1
libdl-2.3.2.so            libnss_hesiod.so.2      libutil-2.3.2.so
libdl.so.2                libnss_nis-2.3.2.so     libutil.so.1
libm-2.3.2.so             libnss_nis.so.2

Ran 75 tests in 0.349s

FAILED (failures=57, errors=2)

Ran 75 tests in 0.450s

OK

print "<DIV CLASS=\"caption\">";
my $tmp = &htmlize_caption ($info{$pathname}{'comment'}, 'slide');
print $tmp;
print "</DIV>\n";

print qq[<DIV CLASS="caption">],
      htmlize_caption($info{$pathname}{'comment'}, 'slide'),
      qq[</DIV>\n];

printf qq[<DIV CLASS="caption">%s</DIV>], 
          htmlize_caption($info{$pathname}{'comment'}, 'slide');

__author__ = "Tollef Fog Heen"
__version__ = "0 (2004-11-01)"
__url__ = "http://err.no/personal/blog"

def cb_postformat(args):
    request = args["request"]
    entry_data = args["entry_data"]
    for k in entry_data.keys():
        entry_data[k] = entry_data[k].replace("&hellip;", "&#8230;")

7122 root      15   0  660m 332m 4692 D  0.0 43.8   8:18.64 spamd
7123 nobody    15   0  287m 257m 4692 D  0.0 34.0   0:17.01 spamd

 : tfheen@yiwaz ..xternal/pkg-mailman/trunk > svn up    
 svn: Working copy '.' locked
 svn: run 'svn cleanup' to remove locks (type 'svn help cleanup' for details)
 : tfheen@yiwaz ..xternal/pkg-mailman/trunk > 

  : tfheen@yiwaz ..xternal/pkg-mailman/trunk > svn cleanup
  svn: In directory ''
  svn: Error processing command 'delete-entry' in ''
  svn: Working copy 'upstream' not locked
  : tfheen@yiwaz ..xternal/pkg-mailman/trunk > 

  : tfheen@yiwaz ..kg-mailman/trunk/upstream > svn up
  svn: Invalid editor anchoring; at least one of the input paths is not a directory and there was no source entry
  : tfheen@yiwaz ..kg-mailman/trunk/upstream > 

// Check for new mail in ALL imap folders
user_pref("mail.check_all_imap_folders_for_new", true);

 GRAYLIST_TEST = SELECT CASE \
                  WHEN now() - block_expires > 0 THEN 2 \
                  ELSE 1 \
                 END \
                 FROM relaytofrom \
                 WHERE relay_ip='${quote_pgsql:$sender_host_address}' \
                 AND from_domain='${quote_pgsql:$sender_address_domain}'

 GRAYLIST_ADD  = INSERT INTO relaytofrom (relay_ip, from_domain) \
                 VALUES ( '${quote_mysql:$sender_host_address}', \
                 '${quote_mysql:$sender_address_domain}')

 hide pgsql_servers = localhost/greylisting/exim/password

  warn    set acl_m7 = ${lookup pgsql{GRAYLIST_TEST}{$value}{0}}

  defer   message = Greylisted - please try again a little later
          condition      = ${if eq{$acl_m7}{0}{1}}
          condition      = ${lookup pgsql{GRAYLIST_ADD}{yes}{no}}
  defer   condition      = ${if eq{$acl_m7}{1}{1}}

create table relaytofrom
(
        id              serial,
        relay_ip        inet,
        from_domain     varchar(255), 
        block_expires   timestamp default now()+(interval '60 seconds')
                        NOT NULL,
        record_expires  timestamp default now()+(interval '1 week')
                        NOT NULL,
        origin_type     varchar(16) DEFAULT 'AUTO'
                        CHECK (origin_type in ('MANUAL','AUTO')) NOT NULL,
        create_time     timestamp        default now() NOT NULL
);

 #! /bin/sh -e

 #exec > /tmp/commit.log  2>&1 

 HOME=/home/tfheen
 CVSROOT="$HOME/cvsroot"
 SVNROOT="$HOME/svn"

 TMPDIR=$(tempfile --prefix syncdotfiles)

 rm -f "$TMPDIR"
 mkdir $TMPDIR
 cd $TMPDIR

 # ok, now we are fairly safe.

 cvs -d "$CVSROOT" co dotfiles
 svn export --force file://$SVNROOT/trunk/dotfiles

 cd dotfiles

 for file in $(find -type f -not -path \*CVS\*); do
     FILE=$(basename $file)
     DIR=$(dirname $file)
     if ! grep -q "^/$FILE/" $DIR/CVS/Entries ; then 
         cvs add $file
     fi
 done

 cvs commit -m"Automatic commit from SVN"

 rm -rf $TMPDIR

 [tfheen_delayed]
 method = scp
 fqdn = gluck.debian.org
 incoming = ~tfheen

        for i in elist[:]:
            if ".svn" in i:
                elist.remove(i)

        elist = tools.Walk(root)
        elist = [mem[len(root):] for mem in elist]

def cb_prepare(args):
    request = args["request"]
    data = request.getData()
    for entry in data['entry_list'][:]:
        filename = entry.get('filename')
        if "/.svn" in filename:
            data['entry_list'].remove(entry)

     deny message = This message was classified as SPAM
       spam = nobody:true
       condition = ${if >={$spam_score_int}{100}}{1}{0}}

     deny message = This message was classified as SPAM
       spam = nobody:true
       condition = ${if and {\
                 {!match{$recipients}{tfheen@err.no}}\
                 {!match{$sender_address}{tfheen@debian.org}}\
                 {>={$spam_score_int}{100}}\
                 }{1}{0}}

     warn message = X-err-Devnull: spam
             log_message = Eaten by spam filter \
                         (score=$spam_score, req=10.0)
             spam = nobody

# A special driver that redirect "X-err-Devnull"-ed mail (spam and
# virus sent to mailing lists, see the DATA ACLs) to /dev/null

err_devnull:
        driver = accept
        condition = ${if def:h_X-err-Devnull: {1}{0}}
        transport = devnull

# Archive the mail in /dev/null
devnull:
  debug_print = "T: devnull for $local_part@$domain"
  driver = appendfile
  file = /dev/null

def cb_preformat(args):
    if args['parser'] == PREFORMATTER_ID and \
           args['request'].getData()['flavour'] == "html":
        return parse(''.join(args['story']))
    else:
        return ''.join(args['story']).replace("&amp;amp;","&amp;")

Architecture	Downloads	%	% (with all excluded)
i386	1204913	74.29	96.46
all	372858	22.99
powerpc	23226	1.43	1.86
ia64	8984	0.55	0.72
sparc	4860	0.30	0.39
hppa	2326	0.14	0.19
alpha	2094	0.13	0.17
amd64	1822	0.11	0.15
mipsel	407	0.03	0.03
mips	248	0.02	0.02
arm	219	0.01	0.02
s390	2	0.00	0.00
m68k	2	0.00	0.00

Blogs on Here be dragons

Signing UEFI submissions using osslsigncode

Pronoun support in userdir-ldap

DNSSEC, ssh and VerifyHostKeyDNS

Blog moved, new tech

Temperature monitoring using a Beaglebone Black and 1-wire

Resigning as a Debian systemd maintainer

Redirect loop with interaktiv.nsb.no (and how to fix it)

Fingerprints as lightweight authentication

Getting rid of NSCA using Python and Chef

An otter, please (or, a better notification system)

Sharing an SSH key, securely

Abusing sbuild for fun and profit

FOSDEM talk: systemd in Debian

Gitano – git hosting with ACLs and other shininess

Driving Jenkins using YAML and a bit of python

Automating managing your on-call support rotation using google docs

Today's rant about RPM

The SugarCRM rest interface

Bizarre slapd (and gnutls) failures

libvmod_curl – using cURL from inside Varnish Cache

Upgrading Alioth

My Varnish is leaking memory

Temperature logging with 1-wire

First impressions of the Kenwood AT641

The Bridge of Allan, Ben Nevis

Why I think you should publish your infrastructure

A small explanation about the yubikey

Upgrading freedesktop.org hosts

How free is the N900?

Moving SMS-es and contacts from iphone to N900

N900 – first impressions

ekey happiness

Package workflow

Distributing entropy

Airport WLAN woes

Rendering GPX files using libchamplain and librest

varnishlog's poor man's filtering language

Ruby/Gems packaging (it's java all over again)

!Internet

How to handle reference material in a VCS?

network configuration tools, for complex networks

Things to do on a Friday night

Collaborative editing, Emacs and D-Bus

eweouz 0.2 released

eweouz 0.1 released

Kernel patches and the TEMPer USB thermometer

eweouz (bbdb-a-like) working

Zombie meme

New backup system!

Changing jobs

pkg-config, sonames and Requires.private

Default sudo configuration in Ubuntu

Achievo and sticky projects

Choosing a nonce in CTR mode

Button pushes you!

Renewing CA certificates

Killing hold periods

Triggering a flash by hand

Infinite monkeys

Project codenames

Making pancakes

Lucky number

Strength of asymmetric and symmetric encryption algorithms

Things to remember when doing hardware maintenance:

contentless_ping.pl 0.3 released

Locally administrated MAC addresses

A moderately complicated OpenWRT setup

Initial impressions of the Samsung Z5F

Javascript, Greasemonkey and clipboards

Live CD on disk

A replacement for screen. Ish.

Releasing Ubuntu

Contentless ping annoying

The Top Ten Unix Shell Commands

Švyturys 1784 Ekstra

Formulating iCalendar in SQL

Common mistakes foreigners make when writing English

X broken in Dapper

Ubuntu dapper for SPARC released