The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘*nix’ Category

« Previous Entries
Next Entries »

Linux: See Bandwidth Usage Per Process With Nethogs Tool – nixCraft

Posted by jpluimers on 2018/08/24

This tutorial explains how to find out network bandwidth usage per process in real time using nethogs tool under Linux operating systems.

Cool tool!

Source: [WayBackLinux: See Bandwidth Usage Per Process With Nethogs Tool – nixCraft

An alternative is iftop – Wikipedia.

via:

–jeroen

Posted in *nix, *nix-tools, Linux, openSuSE, Power User, RedHat, SuSE Linux, Tumbleweed | Leave a Comment »

when bind named service hasn’t started after OpenSuSE Tumbleweed boots

Posted by jpluimers on 2018/08/20

A while ago, named would not start any more after I rebooted my Tumbleweed systems.

I had this behaviour on multiple systems, each installed quite a while ago and kept up-to-date with zypper dist-upgrade so it looked like a systematic issue.

Below are steps in researching the problem together with the helpful people on the IRC channel opensuse-factory.

Background reading for some of the commands: [WayBackHow To Use Systemctl to Manage Systemd Services and Units | DigitalOcean.

Both systemctl status named.service and systemctl status named would show the same output:

# systemctl status named
● named.service - LSB: Domain Name System (DNS) server, named
   Loaded: loaded (/etc/init.d/named; generated; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:systemd-sysv-generator(8)

Getting the log from events around a reboot would show a successful shutdown, but no start:

# journalctl --unit named --catalog --pager-end

Apr 28 13:19:27 laurel systemd[1]: Stopping LSB: Domain Name System (DNS) server, named...
-- Subject: Unit named.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun shutting down.
Apr 28 13:19:28 laurel named[20360]: no longer listening on 192.168.124.27#53
Apr 28 13:19:28 laurel named[20360]: no longer listening on 192.168.124.27#53
Apr 28 13:19:32 laurel named[20360]: received control channel command 'stop'
Apr 28 13:19:32 laurel named[20360]: shutting down: flushing changes
Apr 28 13:19:32 laurel named[20360]: stopping command channel on 127.0.0.1#953
Apr 28 13:19:32 laurel named[20360]: no longer listening on ::#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on ::#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on 127.0.0.1#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on 127.0.0.1#53
Apr 28 13:19:32 laurel named[20360]: exiting
Apr 28 13:19:34 laurel named[30705]: Shutting down name server BIND  waiting for named to shut down ..done
Apr 28 13:19:34 laurel systemd[1]: Stopped LSB: Domain Name System (DNS) server, named.
-- Subject: Unit named.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has finished shutting down.

Similar results in these files:

  • /var/lib/named/log/general.log

28-Apr-2017 13:19:32.465 general: shutting down: flushing changes
28-Apr-2017 13:19:32.468 general: stopping command channel on 127.0.0.1#953
28-Apr-2017 13:19:32.622 general: exiting

  • /var/lib/named/log/named.log

28-Apr-2017 13:19:32.489 network: no longer listening on ::#53
28-Apr-2017 13:19:32.489 network: no longer listening on 127.0.0.1#53

With systemctl, I got this:

# systemctl is-enabled named
named.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled named
enabled
# systemctl is-active named
inactive
# systemctl is-failed named
inactive

After this, I was out of systemd and sysv knowledge, so I asked for help on the #openSUSE-factory IRC channel, where ismail was of great help.

Read the rest of this entry »

Posted in *nix, *nix-tools, bind-named, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

How to tell if your site is served via CloudFlare | Igor’s Blog

Posted by jpluimers on 2018/08/10

Based on [Wayback/Archive.isHow to tell if your site is served via CloudFlare | Igor’s Blog, I’ve changed the script a little bit.

I’ve tested it with one of the domains from the Cloudbleed list (a pretty OK indication the site is using cloudflare) and a the example.org site that does not:

# curl -sI https://feedly.com | grep "Server\|__cfduid\|CF-RAY"
Set-Cookie: __cfduid=d779ee6e244349cf06e2707771a9185e21492589239; expires=Thu, 19-Apr-18 08:07:19 GMT; path=/; domain=.feedly.com; HttpOnly
Server: cloudflare-nginx
CF-RAY: 351e5e9af8971497-AMS
# curl -sI https://example.org | grep "Server\|__cfduid\|CF-RAY"
Server: ECS (ewr/15BD)

Domain Source: [Wayback/Archive] pirate/sites-using-cloudflare: Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement

–jeroen

via: [WayBack] https://www.igorkromin.net/index.php/2017/04/18/how-to-tell-if-your-site-is-served-via-cloudflare/ – Joe C. Hecht – Google+

 

Posted in *nix, *nix-tools, Cloud, Cloudflare, cURL, Hosting, Infrastructure, Power User | Leave a Comment »

How I use Wireshark – Julia Evans

Posted by jpluimers on 2018/08/03

Cool set of steps on [WayBackHow I use Wireshark – Julia Evans who uses the combination of tcpdump to dump traffic in pcap files and Wireshark to analyse the pcap files after copying them using scp. On many platforms, Wireshark can also capture the ptrace files for you.

Via: [WayBack] 🔎Julia Evans🔍 on Twitter: “how I use Wireshark https://t.co/j699JXrjaH” which has some nice comments including:

  • adding ptrace to your tool-kit
  • not needing scp for copying, as you can do [WayBack] dumpcap over an existing ssh connection:
    • You might like this snippet, saves you the need to do the scp dance: wireshark -k -i <(ssh <IP> "sudo dumpcap -P -w - -f 'not tcp port 22'")

–jeroen

Posted in *nix, *nix-tools, Conference Topics, Conferences, Event, Power User, Wireshark | Leave a Comment »

A cheat-sheet for password crackers

Posted by jpluimers on 2018/07/30

Interesting: [WayBackA cheat-sheet for password crackers

Via: [WayBackJoe C. Hecht – Google+

–jeroen

Posted in *nix, *nix-tools, Hashing, md5, Power User, Security, SHA, SHA-256, SHA-512 | Leave a Comment »

Just I in case I need to port CombineApacheConfig.py to OpenSuSE properly

Posted by jpluimers on 2018/07/24

I came across a nice tool that combines httpd.conf files:

python CombineApacheConfig.py /etc/apache2/httpd.conf /tmp/apache2.combined.conf

In case I ever need to fully port it to OpenSuSE, I’ve put it in the gist below.

For now it works fine on OpenSuSE when used with the above command. I might make the default depend on the kind of nx it runs on.

via:

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, Apache2, Development, Linux, openSuSE, Power User, Python, Scripting, Software Development, SuSE Linux | Leave a Comment »

Use TLS 1.2 or higher, as TLS 1.1 is phased out on many sites, after TLS 1.0/SLL has been disabled by most for a while now

Posted by jpluimers on 2018/07/23

If you get an error like this in one of your tools

OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

it means you are using a tool not yet properly supporting TLS 1.2 or higher.

Or in other words: update your tool set.

The reason is that – after turning off TLS 1.0 a while ago – more and more sites do the same for TLS 1.1.

A prime example of a site that warned on this in a clear way very early on is github:

Others have done this too, for instance:

TLS 1.0 is vulnerable to many attacks, and certain configurations of TLS 1.1 as well (see for instance [WayBack] What are the main vulnerabilities of TLS v1.1? – Information Security Stack Exchange), which means that properly configuring the non-vulnerable TLS 1.1 over times gets more and more complex. An important reason to say goodbye to that as well, as TLS 1.2 (from 2008) is readily available for a long time. The much more recent TLS 1.3 (from 2018) will take a while to proliferate.

I ran in the above error because on one of my systems, an old version of wget was luring around, so I dug up the easiest place to download recent Windows binaries for both win32 (x86) and win64 (x86_64):

[WayBack] eternallybored.org: GNU Wget for Windows having a table indicating the OpenSSL version for each wget build.

–jeroen

Reference: Transport Layer Security – Wikipedia: History and development

Posted in *nix, https, HTTPS/TLS security, OpenSSL, Power User, Security, wget | Leave a Comment »

(35) Enabling New Hardware in U-Boot – Jon Mason, Broadcom Ltd. – YouTube

Posted by jpluimers on 2018/07/20

Lots of interesting information, especially these discussions where Alexander Graf chipped in:

The hand off of the boot loader to the actual OS payload. The payload and U-boot are in memory running at the same time. The payload can call back into U-boot through the uEFI API that U-boot implements so that the payload provides extra drivers enabling for instance a subsequent graphical stage (splash screen, menus, etc), more hardware access and so on. You even could pass ACPI tables through U-boot to the payload and help shooting yourself in the foot.

Important aspects for upstreaming:

  • keep commits short so they are easy to review
  • make sure patches are always rebaseable for each and every commit set (so it compiles throughout)
  • this tremendously helps doing a git bisect
  • it makes adding features that other parts depend on hard: you need to think on chicken & egg situations in advance

–jeroen

 

Posted in *nix, Development, Hardware Development, Linux, Power User, Software Development, U-Boot | Leave a Comment »

PowerShell on Mac OS X and other non-Windows systems

Posted by jpluimers on 2018/07/17

I wasn’t expecting it to be so easy to install PowerShell on Mac OS X:

brew install Caskroom/cask/powershell

In the background it executes this script: https://github.com/caskroom/homebrew-cask/blob/master/Casks/powershell.rb. which indirectly goes through the URL template https://github.com/PowerShell/PowerShell/releases/download/v#{version}/powershell-#{version}.pkg.

On other non-Windows systems, you have to go through GitHub yourself: https://github.com/powershell/PowerShell. The PowerShell team at Microsoft has many more repositories including the Win32-OpenSSH port which you can find through https://github.com/PowerShell.

At the time of writing, PowerShell was available for these platforms:

Platform Downloads How to Install
Windows 10 / Server 2016 (x64) .msi Instructions
Windows 8.1 / Server 2012 R2 (x64) .msi Instructions
Windows 7 (x64) .msi Instructions
Windows 7 (x86) .msi Instructions
Ubuntu 16.04 .deb Instructions
Ubuntu 14.04 .deb Instructions
CentOS 7 .rpm Instructions
OpenSUSE 42.1 .rpm Instructions
Arch Linux Instructions
Many Linux distributions .AppImage Instructions
macOS 10.11 .pkg Instructions
Docker Instructions

The first version I installed on Mac OS X was this: ==> Downloading https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.17/powershell-6.0.0-alpha.17.pkg

By now I really hope it is out of Alpha state.

–jeroen

via:

Posted in *nix, Apple, CommandLine, Development, iMac, Linux, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MacMini, openSuSE, Power User, PowerShell, PowerShell, Scripting, Software Development, SuSE Linux, Ubuntu | Leave a Comment »

How I made my own VPN server in 15 minutes | TechCrunch

Posted by jpluimers on 2018/07/13

People are (rightfully) freaking out about their privacy as the Senate voted to let internet providers share your private data with advertisers. While it’s important to protect your privacy,…

Interesting: easy setup allows for creating disposable VPN servers.

–jeroen

Posted in *nix, IPSec, Network-and-equipment, Power User, VPN | Leave a Comment »

« Previous Entries
Next Entries »