diff --git a/blog/index.xml b/blog/index.xml index 9d1ca1df..c6191db5 100644 --- a/blog/index.xml +++ b/blog/index.xml 
@@ -1,4 +1,4 @@ -Blog Posts on Sam Stelfoxhttps://stelfox.net/blog/Recent content in Blog Posts on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Blog Posts on Sam Stelfoxhttps://stelfox.net/blog/Recent content in Blog Posts on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features.Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. 
But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. So, I’m thinking I need multiple “Subscribers” for the various events being traced, right?Logical Volume in Usehttps://stelfox.net/blog/2020-02-23-logical-volume-in-use/Sun, 23 Feb 2020 20:09:02 -0400https://stelfox.net/blog/2020-02-23-logical-volume-in-use/While attempting to automate some filesytem creation that involved LVM I kept running into an issue occasionally with some holding open the logical volumes. I would attempt to disable the volume using the following command: $ lvchange -an system/storage Logical volume system/storage contains a filesystem in use. All of the mounts for the filesystems that were on the volume were unmounted, so it must have been a process. The trick to finding this out is to query all the processes mount files to find out what is holding this open.Extracting Dracut Built initramfshttps://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/Tue, 18 Feb 2020 18:42:02 -0500https://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/It’s been a hot second since I’ve dived into the lands of initramfs and since then it seems like things have gotten more complicated. This is the way of things in tech and usually has a good reason. The simple way that used to work wonders (and is still required) to start with, was to identify if the file is compressed: diff --git a/categories/index.xml b/categories/index.xml index b25259cc..a3c00a37 100644 --- a/categories/index.xml +++ b/categories/index.xml @@ -1 +1 @@ -Categories on Sam Stelfoxhttps://stelfox.net/categories/Recent content in Categories on Sam StelfoxHugo 0.125.2en-US \ No newline at end of file +Categories on Sam Stelfoxhttps://stelfox.net/categories/Recent content in Categories on Sam StelfoxHugoen-US \ No newline at end of file 
diff --git a/files/sam_stelfox_cv.pdf b/files/sam_stelfox_cv.pdf index 31e10724..56d7e22c 100644 Binary files a/files/sam_stelfox_cv.pdf and b/files/sam_stelfox_cv.pdf differ diff --git a/index.xml b/index.xml index 9ea0659d..2f91a94f 100644 --- a/index.xml +++ b/index.xml 
@@ -1,4 +1,4 @@ -Sam Stelfoxhttps://stelfox.net/Recent content on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Sam Stelfoxhttps://stelfox.net/Recent content on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features.Design Referencehttps://stelfox.net/design_reference/Fri, 21 Apr 2023 20:30:22 +0000https://stelfox.net/design_reference/I use this page to test how GitHub Flavored Markdown gets rendered with my site’s current design. This contains samples of all the various features I use. Headers H1 H2 H3 H4 H5 H6 Base Styles Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed interdum volutpat enim, vel dictum mi ultricies in. Praesent et ante id diam consequat vehicula. Donec placerat magna tristique urna pretium rutrum. 
Donec aliquet imperdiet ante id viverra.Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. So, I’m thinking I need multiple “Subscribers” for the various events being traced, right?Logical Volume in Usehttps://stelfox.net/blog/2020-02-23-logical-volume-in-use/Sun, 23 Feb 2020 20:09:02 -0400https://stelfox.net/blog/2020-02-23-logical-volume-in-use/While attempting to automate some filesytem creation that involved LVM I kept running into an issue occasionally with some holding open the logical volumes. I would attempt to disable the volume using the following command: diff --git a/notes/index.xml b/notes/index.xml index e6229dc9..cbc83308 100644 --- a/notes/index.xml +++ b/notes/index.xml 
@@ -1,4 +1,4 @@ -Various Notes on Sam Stelfoxhttps://stelfox.net/notes/Recent content in Various Notes on Sam StelfoxHugo 0.125.2en-USThu, 26 Oct 2017 17:35:42 -0400Cron Daemonhttps://stelfox.net/notes/cron/Thu, 26 Oct 2017 17:35:42 -0400https://stelfox.net/notes/cron/Cron is a pretty standard utility and there isn’t much to it. I generally use cronie as my cron daemon with the associated anacron. Cron runs tasks periodically, and anacron helps ensure that a missed task will get run if it was off or powercycled when it would have otherwise run. +Various Notes on Sam Stelfoxhttps://stelfox.net/notes/Recent content in Various Notes on Sam StelfoxHugoen-USThu, 26 Oct 2017 17:35:42 -0400Cron Daemonhttps://stelfox.net/notes/cron/Thu, 26 Oct 2017 17:35:42 -0400https://stelfox.net/notes/cron/Cron is a pretty standard utility and there isn’t much to it. I generally use cronie as my cron daemon with the associated anacron. Cron runs tasks periodically, and anacron helps ensure that a missed task will get run if it was off or powercycled when it would have otherwise run. File Format The config format differs slightly between crontabs, regular cron files, and anacron entries. At the beginning of all the files environment variables can be set using key=value pairs to control the behavior of cron and anacron followed by entries for that file one to a line.Syslog-NGhttps://stelfox.net/notes/syslog_ng/Wed, 25 Oct 2017 01:56:02 -0400https://stelfox.net/notes/syslog_ng/Syslog-NG is a fast, reliable, and secure syslog daemon that can do advanced processing and log centralization while maintaining a sane configuration file syntax. I’ve recently come to vastly prefer it over my previous long term favorite Rsyslog. It’s important to note that when modifying the logs statements, they will be processed in order. This means log statements that finalize a message will never make it past that statement. 
This finalization behavior can be a great tool for optimizing the processing path of logs but can result in unexpected behavior if you don’t pay attention when re-ordering the statements.CFSSLhttps://stelfox.net/notes/cfssl/Tue, 24 Oct 2017 18:39:22 -0400https://stelfox.net/notes/cfssl/CFSSL is a toolkit of utilities for TLS PKI infrastructures and supports more functionality than I’ve personally needed. It is a fast and convenient way to setup and manage a multi-layer internal certificate authority. I’ve used it to generate an internal root CA, with sub-CAs for internal only server certificates, and separate CAs for each domain of client certificates (such as VPN, log, mail, and LDAP servers). This allows the root CA to be protected more stringently than specific domains.Server Naming Conventionhttps://stelfox.net/notes/naming_scheme/Fri, 20 Oct 2017 19:59:02 -0400https://stelfox.net/notes/naming_scheme/Over the years I’ve found myself using many different naming schemes for servers under my control. I came across a naming convention that finally feels correct. That blog post is quite well written and will let it stand on its own. In the event it ever disappears the important bits (and those where I’ve personalized it) are included here. diff --git a/tags/android/index.xml b/tags/android/index.xml index a2f8ca7d..96446621 100644 --- a/tags/android/index.xml +++ b/tags/android/index.xml 
@@ -1,2 +1,2 @@ -Android on Sam Stelfoxhttps://stelfox.net/tags/android/Recent content in Android on Sam StelfoxHugo 0.125.2en-USTue, 22 Jul 2014 21:54:59 -0400Unregistering From WhisperPush After Flashing a New ROMhttps://stelfox.net/blog/unregistering-from-whisperpush-after-flashing-a-new-rom/Tue, 22 Jul 2014 21:54:59 -0400https://stelfox.net/blog/unregistering-from-whisperpush-after-flashing-a-new-rom/I’ve been playing around with my Nexus 5 lately. It was quickly rooted and I began playing with various ROMs that had been pre-built for the Nexus 5. My first stop was the CyanogenMod. Since I’d last used CyanogenMod they added a built-in framework that provides transparent text message encryption called WhisperPush. +Android on Sam Stelfoxhttps://stelfox.net/tags/android/Recent content in Android on Sam StelfoxHugoen-USTue, 22 Jul 2014 21:54:59 -0400Unregistering From WhisperPush After Flashing a New ROMhttps://stelfox.net/blog/unregistering-from-whisperpush-after-flashing-a-new-rom/Tue, 22 Jul 2014 21:54:59 -0400https://stelfox.net/blog/unregistering-from-whisperpush-after-flashing-a-new-rom/I’ve been playing around with my Nexus 5 lately. It was quickly rooted and I began playing with various ROMs that had been pre-built for the Nexus 5. My first stop was the CyanogenMod. Since I’d last used CyanogenMod they added a built-in framework that provides transparent text message encryption called WhisperPush. WhisperPush is an implementation of Moxie Marlinspike’s highly respected TextSecure and I was very excited at the possibility of using it. \ No newline at end of file diff --git a/tags/arm/index.xml b/tags/arm/index.xml index 402d54cb..636bcf4a 100644 --- a/tags/arm/index.xml +++ b/tags/arm/index.xml 
@@ -1,2 +1,2 @@ -Arm on Sam Stelfoxhttps://stelfox.net/tags/arm/Recent content in Arm on Sam StelfoxHugo 0.125.2en-USMon, 18 Dec 2017 17:49:22 -0500Cross-Compiling Gentoo for Xilinx Boardshttps://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Mon, 18 Dec 2017 17:49:22 -0500https://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Note: If you’ve come here looking to build a root filesystem for 32 bit ARM devices I suspect everything but the build tuple will be the same. The issues that need to be worked around largely packaging and profile issues that should all be the same. +Arm on Sam Stelfoxhttps://stelfox.net/tags/arm/Recent content in Arm on Sam StelfoxHugoen-USMon, 18 Dec 2017 17:49:22 -0500Cross-Compiling Gentoo for Xilinx Boardshttps://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Mon, 18 Dec 2017 17:49:22 -0500https://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Note: If you’ve come here looking to build a root filesystem for 32 bit ARM devices I suspect everything but the build tuple will be the same. The issues that need to be worked around largely packaging and profile issues that should all be the same. I got a hold of a Zynq 7100 development board, and while I’ve played with some embedded ARM microcontrollers such as the STM32F3 series and more basic RISC style microcontrollers like Atmel’s SAMD10 and Atmega lines, I’ve never played with FPGA development before so I considered this an interesting learning opportunity. \ No newline at end of file diff --git a/tags/aws/index.xml b/tags/aws/index.xml index 0eb569dc..04ee7342 100644 --- a/tags/aws/index.xml +++ b/tags/aws/index.xml 
@@ -1,4 +1,4 @@ -Aws on Sam Stelfoxhttps://stelfox.net/tags/aws/Recent content in Aws on Sam StelfoxHugo 0.125.2en-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). +Aws on Sam Stelfoxhttps://stelfox.net/tags/aws/Recent content in Aws on Sam StelfoxHugoen-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). Another AWS account enter the picture and while they were single they came to the same conclusion and followed the best practices and defaults to their heart’s content.AWS Elastic IP Detailshttps://stelfox.net/blog/2019-03-17-aws-elastic-ip-details/Sun, 17 Mar 2019 16:26:30 -0500https://stelfox.net/blog/2019-03-17-aws-elastic-ip-details/Sometimes it becomes important to understand how your cloud provider implements certain networking details. While working through an issue in AWS I needed to understand how they handle public IP addressing. While this issue for me was specific to an Elastic IP all of their public addresses are handled this way and may bite you even without them. 
The problems specifically crop up when a hosted piece of software does NAT traversal detection and changes it’s behavior based on the result.SPF and Google Site Verification in Route 53https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Thu, 14 Jun 2018 11:36:09 -0600https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Route53 doesn’t allow multiple definitions of the same name/type pair of DNS entries which is quite a headache. This is the first time I’ve had a conflict of a TXT record in Route53 at the base, specifically both Google’s site verification, and SPF records both want to live at the root of the domain. The site verification record needs to stay around as Google periodically re-verifies the domain. To get this to work you need to quote both the Google verification string and the SPF record, but you also have to ensure that there is a newline in the field.SPF & DKIM Records in Route 53https://stelfox.net/blog/spf-and-dkim-records-in-route-53/Wed, 30 Jul 2014 10:46:13 -0400https://stelfox.net/blog/spf-and-dkim-records-in-route-53/I’m going to do a more detailed post on emailing from Amazon’s infrastructure soon, but in the meantime I wanted to quickly throw out solutions too a couple of problems I encountered. These are all specific too Amazon’s Route 53, and most are user error (myself). SPF Invalid Characters or Format After generating my SPF record, I jumped into Route 53, created a new record pasted in my record, attempted to save and received the following message:AWS Reserved Instance Pricinghttps://stelfox.net/blog/aws-reserved-instance-pricing/Fri, 06 Jun 2014 13:28:11 -0400https://stelfox.net/blog/aws-reserved-instance-pricing/The current large project I’m working on is going to be hosted on AWS and I was requested to do a cost estimate. Looking into it, it quickly became clear that reserved instances could potentially save quite a bit of cash but there was a catch (isn’t there always?). 
diff --git a/tags/backups/index.xml b/tags/backups/index.xml index a8dec0c0..c15c19d0 100644 --- a/tags/backups/index.xml +++ b/tags/backups/index.xml @@ -1,3 +1,3 @@ -Backups on Sam Stelfoxhttps://stelfox.net/tags/backups/Recent content in Backups on Sam StelfoxHugo 0.125.2en-USMon, 09 Oct 2017 14:50:23 +0000Amandahttps://stelfox.net/notes/amanda/Mon, 09 Oct 2017 14:50:23 +0000https://stelfox.net/notes/amanda/Amanda, or the Advanced Maryland Automatic Network Disk Archiver is an open source computer archiving tool that is able to back up data residing on multiple computers on a network. +Backups on Sam Stelfoxhttps://stelfox.net/tags/backups/Recent content in Backups on Sam StelfoxHugoen-USMon, 09 Oct 2017 14:50:23 +0000Amandahttps://stelfox.net/notes/amanda/Mon, 09 Oct 2017 14:50:23 +0000https://stelfox.net/notes/amanda/Amanda, or the Advanced Maryland Automatic Network Disk Archiver is an open source computer archiving tool that is able to back up data residing on multiple computers on a network. I am not a huge fan of having xinetd or perl on my system and this is reliant on both, however, there does not currently seem to be any reasonable open source alternatives that support managing a tape library. My notes on setting this up were incomplete and woefully outdated so I removed them. \ No newline at end of file diff --git a/tags/blender/index.xml b/tags/blender/index.xml index 0d360f4f..6949bbde 100644 --- a/tags/blender/index.xml +++ b/tags/blender/index.xml 
@@ -1,2 +1,2 @@ -Blender on Sam Stelfoxhttps://stelfox.net/tags/blender/Recent content in Blender on Sam StelfoxHugo 0.125.2en-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. +Blender on Sam Stelfoxhttps://stelfox.net/tags/blender/Recent content in Blender on Sam StelfoxHugoen-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. The most common fix was when people had three button mouse emulation enabled (a common setting people turn on when using laptops or Macs). \ No newline at end of file diff --git a/tags/certificates/index.xml b/tags/certificates/index.xml index 0017c0c9..0ea3602a 100644 --- a/tags/certificates/index.xml +++ b/tags/certificates/index.xml 
@@ -1,2 +1,2 @@ -Certificates on Sam Stelfoxhttps://stelfox.net/tags/certificates/Recent content in Certificates on Sam StelfoxHugo 0.125.2en-USTue, 24 Oct 2017 18:39:22 -0400CFSSLhttps://stelfox.net/notes/cfssl/Tue, 24 Oct 2017 18:39:22 -0400https://stelfox.net/notes/cfssl/CFSSL is a toolkit of utilities for TLS PKI infrastructures and supports more functionality than I’ve personally needed. It is a fast and convenient way to setup and manage a multi-layer internal certificate authority. +Certificates on Sam Stelfoxhttps://stelfox.net/tags/certificates/Recent content in Certificates on Sam StelfoxHugoen-USTue, 24 Oct 2017 18:39:22 -0400CFSSLhttps://stelfox.net/notes/cfssl/Tue, 24 Oct 2017 18:39:22 -0400https://stelfox.net/notes/cfssl/CFSSL is a toolkit of utilities for TLS PKI infrastructures and supports more functionality than I’ve personally needed. It is a fast and convenient way to setup and manage a multi-layer internal certificate authority. I’ve used it to generate an internal root CA, with sub-CAs for internal only server certificates, and separate CAs for each domain of client certificates (such as VPN, log, mail, and LDAP servers). This allows the root CA to be protected more stringently than specific domains. \ No newline at end of file diff --git a/tags/cinnamon/index.xml b/tags/cinnamon/index.xml index b90ab144..6171e7bb 100644 --- a/tags/cinnamon/index.xml +++ b/tags/cinnamon/index.xml 
@@ -1,2 +1,2 @@ -Cinnamon on Sam Stelfoxhttps://stelfox.net/tags/cinnamon/Recent content in Cinnamon on Sam StelfoxHugo 0.125.2en-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. +Cinnamon on Sam Stelfoxhttps://stelfox.net/tags/cinnamon/Recent content in Cinnamon on Sam StelfoxHugoen-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. The most common fix was when people had three button mouse emulation enabled (a common setting people turn on when using laptops or Macs). \ No newline at end of file diff --git a/tags/cisco/index.xml b/tags/cisco/index.xml index 0bd26518..821d6931 100644 --- a/tags/cisco/index.xml +++ b/tags/cisco/index.xml 
@@ -1 +1 @@ -Cisco on Sam Stelfoxhttps://stelfox.net/tags/cisco/Recent content in Cisco on Sam StelfoxHugo 0.125.2en-USSun, 24 Mar 2019 23:26:30 -0400Reflashing Cisco Catalyst With XMODEMhttps://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/Sun, 24 Mar 2019 23:26:30 -0400https://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/One of the Cisco Catalyst 3750 I had to work on recently had it’s flash completely wiped. When this happens you can only flash the filesystem using the XMODEM serial console. This is a fairly well documented process on Windows. On Linux most of the documented ways involve switching between multiple utilities and can be tricky. I wanted to documented how I did this and possibly help other in the same situation. \ No newline at end of file +Cisco on Sam Stelfoxhttps://stelfox.net/tags/cisco/Recent content in Cisco on Sam StelfoxHugoen-USSun, 24 Mar 2019 23:26:30 -0400Reflashing Cisco Catalyst With XMODEMhttps://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/Sun, 24 Mar 2019 23:26:30 -0400https://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/One of the Cisco Catalyst 3750 I had to work on recently had it’s flash completely wiped. When this happens you can only flash the filesystem using the XMODEM serial console. This is a fairly well documented process on Windows. On Linux most of the documented ways involve switching between multiple utilities and can be tricky. I wanted to documented how I did this and possibly help other in the same situation. \ No newline at end of file diff --git a/tags/cli/index.xml b/tags/cli/index.xml index 1dcdc43b..38a6d302 100644 --- a/tags/cli/index.xml +++ b/tags/cli/index.xml 
@@ -1,2 +1,2 @@ -Cli on Sam Stelfoxhttps://stelfox.net/tags/cli/Recent content in Cli on Sam StelfoxHugo 0.125.2en-USFri, 20 Oct 2017 12:51:00 -0400Mutthttps://stelfox.net/notes/mutt/Fri, 20 Oct 2017 12:51:00 -0400https://stelfox.net/notes/mutt/I keep a copy of my mutt config both here on the site as well as in my public dotfiles. Eventually I’ll likely document my reasoning, preferences and the tradeoffs made in that config (and change my mind on most in the process). +Cli on Sam Stelfoxhttps://stelfox.net/tags/cli/Recent content in Cli on Sam StelfoxHugoen-USFri, 20 Oct 2017 12:51:00 -0400Mutthttps://stelfox.net/notes/mutt/Fri, 20 Oct 2017 12:51:00 -0400https://stelfox.net/notes/mutt/I keep a copy of my mutt config both here on the site as well as in my public dotfiles. Eventually I’ll likely document my reasoning, preferences and the tradeoffs made in that config (and change my mind on most in the process). Vim Since I use vim as my editor I also added the following line to my vim configuration file to autowrap my lines at 72 characters, but only for mutt composed messsages. \ No newline at end of file diff --git a/tags/cloudflare/index.xml b/tags/cloudflare/index.xml index e10cb0ec..ad19db49 100644 --- a/tags/cloudflare/index.xml +++ b/tags/cloudflare/index.xml 
@@ -1,3 +1,3 @@ -Cloudflare on Sam Stelfoxhttps://stelfox.net/tags/cloudflare/Recent content in Cloudflare on Sam StelfoxHugo 0.125.2en-USSun, 21 Oct 2018 22:36:09 -0600Weird CloudFlare Behaviorhttps://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/Sun, 21 Oct 2018 22:36:09 -0600https://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/While working on a replacement webserver, I encountered some odd behavior which took a bit to track down to CloudFlare. This isn’t a bug or an issue with CloudFlare, it was just unexpected. +Cloudflare on Sam Stelfoxhttps://stelfox.net/tags/cloudflare/Recent content in Cloudflare on Sam StelfoxHugoen-USSun, 21 Oct 2018 22:36:09 -0600Weird CloudFlare Behaviorhttps://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/Sun, 21 Oct 2018 22:36:09 -0600https://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/While working on a replacement webserver, I encountered some odd behavior which took a bit to track down to CloudFlare. This isn’t a bug or an issue with CloudFlare, it was just unexpected. The server was configured to respond to www.example.tld as well as example.tld, to both encrypted and unencrypted connections. Any requests to the www. domain get redirected to https://example.tld. The config was roughly: server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name www. \ No newline at end of file diff --git a/tags/development/index.xml b/tags/development/index.xml index 8966257e..0902517e 100644 --- a/tags/development/index.xml +++ b/tags/development/index.xml 
@@ -1,4 +1,4 @@ -Development on Sam Stelfoxhttps://stelfox.net/tags/development/Recent content in Development on Sam StelfoxHugo 0.125.2en-USThu, 18 Feb 2016 15:46:12 -0500Sharing Context Between Dependent Rake Taskshttps://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/Thu, 18 Feb 2016 15:46:12 -0500https://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/I use Rakefiles quite a bit like traditional Makefiles, in that I specify immediate dependencies for an individual task and Rake will execute all of them. If a file or directory is the dependency and it exists, the task that creates it will be skipped. A contrived Rakefile example might look like: +Development on Sam Stelfoxhttps://stelfox.net/tags/development/Recent content in Development on Sam StelfoxHugoen-USThu, 18 Feb 2016 15:46:12 -0500Sharing Context Between Dependent Rake Taskshttps://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/Thu, 18 Feb 2016 15:46:12 -0500https://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/I use Rakefiles quite a bit like traditional Makefiles, in that I specify immediate dependencies for an individual task and Rake will execute all of them. If a file or directory is the dependency and it exists, the task that creates it will be skipped. A contrived Rakefile example might look like: file 'sample' do |t| puts 'Creating sample directory' Dir.mkdir(t.name) end file 'sample/population.txt' => ['sample'] do |t| puts 'Creating sample population file.Ruby Code Quality Metricshttps://stelfox.net/blog/ruby-code-quality-metrics/Wed, 22 Apr 2015 16:47:10 -0400https://stelfox.net/blog/ruby-code-quality-metrics/I like getting unopinionated feedback on the quality of the code I write. Sometimes I can get this from other developers but they tend to get annoyed being asked after every commit whether they consider it an improvement. 
There are a few utilities for Ruby codebases such as flay, flog, and rubocop as well as hosted services such as Code Climate that can help you identify chunks of code that can use some work.Extracting Content From Markdownhttps://stelfox.net/blog/extracting-content-from-markdown/Fri, 30 May 2014 18:34:29 -0400https://stelfox.net/blog/extracting-content-from-markdown/Recently I’ve been playing around with building a pure javascript full text search engine for static content sites like this one. One of the challenges with doing this has been working around the Markdown markup embedded in the written content. Most of the markdown syntax can be stripped out simply by removing all non-alphanumeric characters from the document and move on. This doesn’t solve one of the bigger challenges I’ve experienced… Code blocks.Calculating RSA Key Fingerprints in Rubyhttps://stelfox.net/blog/calculating-rsa-key-fingerprints-in-ruby/Mon, 21 Apr 2014 18:37:04 -0400https://stelfox.net/blog/calculating-rsa-key-fingerprints-in-ruby/I regularly find myself working on projects that involve the manipulation and storage of RSA keys. In the past I’ve never had to worry about identification or presentation of these keys. Normally I’ve only got one too three pairs at most that I’m manipulating (server, certificate authority, client). diff --git a/tags/diagnostics/index.xml b/tags/diagnostics/index.xml index 08a47ece..c50c156b 100644 --- a/tags/diagnostics/index.xml +++ b/tags/diagnostics/index.xml 
@@ -1,2 +1,2 @@ -Diagnostics on Sam Stelfoxhttps://stelfox.net/tags/diagnostics/Recent content in Diagnostics on Sam StelfoxHugo 0.125.2en-USFri, 25 Oct 2019 11:26:31 -0500Fixing Hung Nginx Workershttps://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/Fri, 25 Oct 2019 11:26:31 -0500https://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/While cleaning up some tech debt, a curious issue cropped up. Nginx was running in an alpine container as a front end load balancer. It had a dynamic config that got periodically updated by a sidecar, and had filebeat shipping logs out to a central collector but otherwise was just a very simple Nginx config. +Diagnostics on Sam Stelfoxhttps://stelfox.net/tags/diagnostics/Recent content in Diagnostics on Sam StelfoxHugoen-USFri, 25 Oct 2019 11:26:31 -0500Fixing Hung Nginx Workershttps://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/Fri, 25 Oct 2019 11:26:31 -0500https://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/While cleaning up some tech debt, a curious issue cropped up. Nginx was running in an alpine container as a front end load balancer. It had a dynamic config that got periodically updated by a sidecar, and had filebeat shipping logs out to a central collector but otherwise was just a very simple Nginx config. Every now and then the container would crash, it would automatically recover fast enough no alarms were lost and the clients would just resend their requests. \ No newline at end of file diff --git a/tags/dns/index.xml b/tags/dns/index.xml index 8dae2b41..c65faedd 100644 --- a/tags/dns/index.xml +++ b/tags/dns/index.xml 
@@ -1,2 +1,2 @@ -Dns on Sam Stelfoxhttps://stelfox.net/tags/dns/Recent content in Dns on Sam StelfoxHugo 0.125.2en-USThu, 14 Jun 2018 11:36:09 -0600SPF and Google Site Verification in Route 53https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Thu, 14 Jun 2018 11:36:09 -0600https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Route53 doesn’t allow multiple definitions of the same name/type pair of DNS entries which is quite a headache. This is the first time I’ve had a conflict of a TXT record in Route53 at the base, specifically both Google’s site verification, and SPF records both want to live at the root of the domain. The site verification record needs to stay around as Google periodically re-verifies the domain. +Dns on Sam Stelfoxhttps://stelfox.net/tags/dns/Recent content in Dns on Sam StelfoxHugoen-USThu, 14 Jun 2018 11:36:09 -0600SPF and Google Site Verification in Route 53https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Thu, 14 Jun 2018 11:36:09 -0600https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Route53 doesn’t allow multiple definitions of the same name/type pair of DNS entries which is quite a headache. This is the first time I’ve had a conflict of a TXT record in Route53 at the base, specifically both Google’s site verification, and SPF records both want to live at the root of the domain. The site verification record needs to stay around as Google periodically re-verifies the domain. To get this to work you need to quote both the Google verification string and the SPF record, but you also have to ensure that there is a newline in the field. \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml index db467415..b9b35cb1 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml 
@@ -1,3 +1,3 @@ -Docker on Sam Stelfoxhttps://stelfox.net/tags/docker/Recent content in Docker on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Docker on Sam Stelfoxhttps://stelfox.net/tags/docker/Recent content in Docker on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features.Modifying the Hosts File in a Docker Containerhttps://stelfox.net/blog/modifying-the-hosts-file-in-a-docker-container/Tue, 03 Jun 2014 11:43:59 -0400https://stelfox.net/blog/modifying-the-hosts-file-in-a-docker-container/Before I describe the issue that I encountered, let me be very clear. This hack is potentially dangerous and should absolutely only be done in development environments. 
This won’t affect your host system, only the docker container so the most damage you’ll do is prevent hostname and possibly user/group lookups within the container itself. Alright with that out of the way, I was actively working on a codebase that uses subdomains as part of the identifier. \ No newline at end of file diff --git a/tags/dracut/index.xml b/tags/dracut/index.xml index d29454c0..4d2ab959 100644 --- a/tags/dracut/index.xml +++ b/tags/dracut/index.xml 
@@ -1,2 +1,2 @@ -Dracut on Sam Stelfoxhttps://stelfox.net/tags/dracut/Recent content in Dracut on Sam StelfoxHugo 0.125.2en-USTue, 18 Feb 2020 18:42:02 -0500Extracting Dracut Built initramfshttps://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/Tue, 18 Feb 2020 18:42:02 -0500https://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/It’s been a hot second since I’ve dived into the lands of initramfs and since then it seems like things have gotten more complicated. This is the way of things in tech and usually has a good reason. The simple way that used to work wonders (and is still required) to start with, was to identify if the file is compressed: +Dracut on Sam Stelfoxhttps://stelfox.net/tags/dracut/Recent content in Dracut on Sam StelfoxHugoen-USTue, 18 Feb 2020 18:42:02 -0500Extracting Dracut Built initramfshttps://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/Tue, 18 Feb 2020 18:42:02 -0500https://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/It’s been a hot second since I’ve dived into the lands of initramfs and since then it seems like things have gotten more complicated. This is the way of things in tech and usually has a good reason. The simple way that used to work wonders (and is still required) to start with, was to identify if the file is compressed: $ file /boot/initramfs-current.img /boot/initramfs-current.img: ASCII cpio archive (SVR4 with no CRC) In this case the file appears to be entirely uncompressed which is convenient and likely exactly what you’ll experience for reasons I’m about to get to. \ No newline at end of file diff --git a/tags/embedded/index.xml b/tags/embedded/index.xml index 344ba818..9ab9f26c 100644 --- a/tags/embedded/index.xml +++ b/tags/embedded/index.xml 
@@ -1,2 +1,2 @@ -Embedded on Sam Stelfoxhttps://stelfox.net/tags/embedded/Recent content in Embedded on Sam StelfoxHugo 0.125.2en-USMon, 18 Dec 2017 17:49:22 -0500Cross-Compiling Gentoo for Xilinx Boardshttps://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Mon, 18 Dec 2017 17:49:22 -0500https://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Note: If you’ve come here looking to build a root filesystem for 32 bit ARM devices I suspect everything but the build tuple will be the same. The issues that need to be worked around largely packaging and profile issues that should all be the same. +Embedded on Sam Stelfoxhttps://stelfox.net/tags/embedded/Recent content in Embedded on Sam StelfoxHugoen-USMon, 18 Dec 2017 17:49:22 -0500Cross-Compiling Gentoo for Xilinx Boardshttps://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Mon, 18 Dec 2017 17:49:22 -0500https://stelfox.net/blog/2017-12-18-cross-compiling-gentoo-for-xilinx-boards/Note: If you’ve come here looking to build a root filesystem for 32 bit ARM devices I suspect everything but the build tuple will be the same. The issues that need to be worked around largely packaging and profile issues that should all be the same. I got a hold of a Zynq 7100 development board, and while I’ve played with some embedded ARM microcontrollers such as the STM32F3 series and more basic RISC style microcontrollers like Atmel’s SAMD10 and Atmega lines, I’ve never played with FPGA development before so I considered this an interesting learning opportunity. \ No newline at end of file diff --git a/tags/firefox/index.xml b/tags/firefox/index.xml index 974fd9f5..f85efff3 100644 --- a/tags/firefox/index.xml +++ b/tags/firefox/index.xml 
@@ -1,2 +1,2 @@ -Firefox on Sam Stelfoxhttps://stelfox.net/tags/firefox/Recent content in Firefox on Sam StelfoxHugo 0.125.2en-USSat, 13 Apr 2019 11:53:22 -0400Fixing Dark Input Boxes in Firefoxhttps://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/Sat, 13 Apr 2019 11:53:22 -0400https://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/I recently began trying out Cinnamon as my desktop environment and I’ve been thoroughly enjoying it. The only issue I was having was occasionally a page’s form input fields would have a dark background while still having dark text making it impossible to read, and very difficult to write. +Firefox on Sam Stelfoxhttps://stelfox.net/tags/firefox/Recent content in Firefox on Sam StelfoxHugoen-USSat, 13 Apr 2019 11:53:22 -0400Fixing Dark Input Boxes in Firefoxhttps://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/Sat, 13 Apr 2019 11:53:22 -0400https://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/I recently began trying out Cinnamon as my desktop environment and I’ve been thoroughly enjoying it. The only issue I was having was occasionally a page’s form input fields would have a dark background while still having dark text making it impossible to read, and very difficult to write. It wasn’t happening everywhere, and I couldn’t track down what about a website would cause the issue. Most prominently for me was when this showed up in AWS’s interface. \ No newline at end of file diff --git a/tags/firewall/index.xml b/tags/firewall/index.xml index 63ffbf8e..c4f9afb4 100644 --- a/tags/firewall/index.xml +++ b/tags/firewall/index.xml 
@@ -1 +1 @@ -Firewall on Sam Stelfoxhttps://stelfox.net/tags/firewall/Recent content in Firewall on Sam StelfoxHugo 0.125.2en-USSun, 14 Oct 2018 13:36:09 -0600It's Never the Firewallhttps://stelfox.net/blog/2018-10-13-its-never-the-firewall/Sun, 14 Oct 2018 13:36:09 -0600https://stelfox.net/blog/2018-10-13-its-never-the-firewall/This last Thursday I had the privilege of giving a talk at our local Linux User Group about diagnosing firewall issues on Linux entitled “It’s Never the Firewall: Diagnosing Linux Firewall Issues”. I really enjoyed giving the talk, however, I left a few questions unanswered. While I may do a more extensive post on everything that I went through in the talk (I have been lax on writing content for this blog), this post is more to answer the outstanding questions and of course to make my slides available. \ No newline at end of file +Firewall on Sam Stelfoxhttps://stelfox.net/tags/firewall/Recent content in Firewall on Sam StelfoxHugoen-USSun, 14 Oct 2018 13:36:09 -0600It's Never the Firewallhttps://stelfox.net/blog/2018-10-13-its-never-the-firewall/Sun, 14 Oct 2018 13:36:09 -0600https://stelfox.net/blog/2018-10-13-its-never-the-firewall/This last Thursday I had the privilege of giving a talk at our local Linux User Group about diagnosing firewall issues on Linux entitled “It’s Never the Firewall: Diagnosing Linux Firewall Issues”. I really enjoyed giving the talk, however, I left a few questions unanswered. While I may do a more extensive post on everything that I went through in the talk (I have been lax on writing content for this blog), this post is more to answer the outstanding questions and of course to make my slides available. \ No newline at end of file diff --git a/tags/gentoo/index.xml b/tags/gentoo/index.xml index f01aebcf..f923c439 100644 --- a/tags/gentoo/index.xml +++ b/tags/gentoo/index.xml 
@@ -1,4 +1,4 @@ -Gentoo on Sam Stelfoxhttps://stelfox.net/tags/gentoo/Recent content in Gentoo on Sam StelfoxHugo 0.125.2en-USMon, 27 Nov 2017 17:23:09 +0500XFCE Failed to Connect to Sockethttps://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/Mon, 27 Nov 2017 17:23:09 +0500https://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/While trying to build up a minimal Gentoo graphical environment I kept running into an error every time I logged into XFCE from lightdm (I didn’t try starting up XFCE any other way). There are tons of blog posts that relate to systemd, ubuntu, or crouton but none related to Gentoo. +Gentoo on Sam Stelfoxhttps://stelfox.net/tags/gentoo/Recent content in Gentoo on Sam StelfoxHugoen-USMon, 27 Nov 2017 17:23:09 +0500XFCE Failed to Connect to Sockethttps://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/Mon, 27 Nov 2017 17:23:09 +0500https://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/While trying to build up a minimal Gentoo graphical environment I kept running into an error every time I logged into XFCE from lightdm (I didn’t try starting up XFCE any other way). There are tons of blog posts that relate to systemd, ubuntu, or crouton but none related to Gentoo. The first error message that pops up is: Unable to contact settings server Failed to connect to socket /tmp/dbus-xxxxxxxxx: Connection refused Once you click through there was a second error message, but I believe it was due to the previous error and not actually an issue:Unable to Enter LUKS Passphrasehttps://stelfox.net/blog/2017-11-26-unable-to-enter-luks-passphrase/Sun, 26 Nov 2017 21:49:51 -0500https://stelfox.net/blog/2017-11-26-unable-to-enter-luks-passphrase/While setting up a gentoo install with a full disk encryption, I continuously got to a point where the passphrase would show up on boot but I was unable to enter the passphrase. 
The behavior of the keyboard was also odd, it would toggle it’s numlock light every couple of button presses. Once again this was an issue that was hard to search for, and most other people asking it seemed to only get snarky non-answers which seem so prevalent in forums.Downgrading Glibc in Gentoohttps://stelfox.net/blog/2017-11-15-downgrading-glibc-in-gentoo/Wed, 15 Nov 2017 12:27:45 +0000https://stelfox.net/blog/2017-11-15-downgrading-glibc-in-gentoo/While refining some automated setup scripts at some point I upgraded to a testing/unstable version of glibc. When I attempted to get the box back on to the stable version I hit a solid protection mechanism built into the portage scripts that prevents downgrading glibc. Attempts will give you the following error message: diff --git a/tags/gpg/index.xml b/tags/gpg/index.xml index 5dcf06a4..51d2507f 100644 --- a/tags/gpg/index.xml +++ b/tags/gpg/index.xml 
@@ -1,4 +1,4 @@ -Gpg on Sam Stelfoxhttps://stelfox.net/tags/gpg/Recent content in Gpg on Sam StelfoxHugo 0.125.2en-USMon, 04 Dec 2017 11:38:01 -0500Unusable Secret Keyhttps://stelfox.net/blog/2017-12-04-unusable-secret-key/Mon, 04 Dec 2017 11:38:01 -0500https://stelfox.net/blog/2017-12-04-unusable-secret-key/I use a Yubikey NEO to store subkeys used for signing and authentication. I started experiencing a weird issue with it. It coincided with me rebuilding my system so diagnosing it ended up being harder than normal. The behavior I experienced allowed me to use the key to authenticate (SSH’ing worked fine) but any attempt to sign new data resulted in an ‘Unusuable secret key’ error. For git this resulted in the following message:GPG Process Noteshttps://stelfox.net/notes/gnupg/Mon, 09 Oct 2017 23:35:34 +0000https://stelfox.net/notes/gnupg/I followed the TAILS setup guide to get a secure offline environment running to perform this generation task. The steps I took are documented in the tails document. +Gpg on Sam Stelfoxhttps://stelfox.net/tags/gpg/Recent content in Gpg on Sam StelfoxHugoen-USMon, 04 Dec 2017 11:38:01 -0500Unusable Secret Keyhttps://stelfox.net/blog/2017-12-04-unusable-secret-key/Mon, 04 Dec 2017 11:38:01 -0500https://stelfox.net/blog/2017-12-04-unusable-secret-key/I use a Yubikey NEO to store subkeys used for signing and authentication. I started experiencing a weird issue with it. It coincided with me rebuilding my system so diagnosing it ended up being harder than normal. The behavior I experienced allowed me to use the key to authenticate (SSH’ing worked fine) but any attempt to sign new data resulted in an ‘Unusuable secret key’ error. For git this resulted in the following message:GPG Process Noteshttps://stelfox.net/notes/gnupg/Mon, 09 Oct 2017 23:35:34 +0000https://stelfox.net/notes/gnupg/I followed the TAILS setup guide to get a secure offline environment running to perform this generation task. 
The steps I took are documented in the tails document. Initial Key Creation For simplicity I wanted to clear out the GnuPG configuration that starts out in place. Makes things a lot nicer later on. rm -rf ~/.gnupg/* I pulled in the .gnupg/gpg.conf from my dotfiles by hand. And begin the key generation process \ No newline at end of file diff --git a/tags/hardware/index.xml b/tags/hardware/index.xml index 72c1d4a7..a2edc6df 100644 --- a/tags/hardware/index.xml +++ b/tags/hardware/index.xml @@ -1,2 +1,2 @@ -Hardware on Sam Stelfoxhttps://stelfox.net/tags/hardware/Recent content in Hardware on Sam StelfoxHugo 0.125.2en-USSun, 01 May 2011 15:48:08 +0000Exploration of an ACN Iris 3000https://stelfox.net/blog/exploration-of-a-acn-iris-3000/Sun, 01 May 2011 15:48:08 +0000https://stelfox.net/blog/exploration-of-a-acn-iris-3000/So I found a dirt cheap video SIP phone (ACN Iris 3000) at a local HAM fest. After looking around I found the vendor has locked in the phone with their specific service with an iron grip and had gone out of business. I guess I should expect that kind of anti-competitive behavior from a business that Donald Trump has a vested interest in. +Hardware on Sam Stelfoxhttps://stelfox.net/tags/hardware/Recent content in Hardware on Sam StelfoxHugoen-USSun, 01 May 2011 15:48:08 +0000Exploration of an ACN Iris 3000https://stelfox.net/blog/exploration-of-a-acn-iris-3000/Sun, 01 May 2011 15:48:08 +0000https://stelfox.net/blog/exploration-of-a-acn-iris-3000/So I found a dirt cheap video SIP phone (ACN Iris 3000) at a local HAM fest. After looking around I found the vendor has locked in the phone with their specific service with an iron grip and had gone out of business. I guess I should expect that kind of anti-competitive behavior from a business that Donald Trump has a vested interest in. I’ve come across one post on a forum that seems to have been crawled and copied out every where. \ No newline at end of file 
diff --git a/tags/index.xml b/tags/index.xml index 4de1ca8e..74406666 100644 --- a/tags/index.xml +++ b/tags/index.xml 
@@ -1 +1 @@ -Tags on Sam Stelfoxhttps://stelfox.net/tags/Recent content in Tags on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Dockerhttps://stelfox.net/tags/docker/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/docker/Kuberneteshttps://stelfox.net/tags/kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/kubernetes/Linuxhttps://stelfox.net/tags/linux/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/linux/Metalk8shttps://stelfox.net/tags/metalk8s/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/metalk8s/Podmanhttps://stelfox.net/tags/podman/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/podman/Programminghttps://stelfox.net/tags/programming/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/programming/Rusthttps://stelfox.net/tags/rust/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/rust/Tracinghttps://stelfox.net/tags/tracing/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/tracing/Lvmhttps://stelfox.net/tags/lvm/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/lvm/Dracuthttps://stelfox.net/tags/dracut/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/dracut/ \ No newline at end of file +Tags on Sam Stelfoxhttps://stelfox.net/tags/Recent content in Tags on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Dockerhttps://stelfox.net/tags/docker/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/docker/Kuberneteshttps://stelfox.net/tags/kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/kubernetes/Linuxhttps://stelfox.net/tags/linux/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/linux/Metalk8shttps://stelfox.net/tags/metalk8s/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/metalk8s/Podmanhttps://stelfox.net/tags/podman/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/podman/Programminghttps://stelfox.net/tags/programming/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/programming/Rusthttps://stelfox.net/tags/rust/Mon, 01 
Jan 0001 00:00:00 +0000https://stelfox.net/tags/rust/Tracinghttps://stelfox.net/tags/tracing/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/tracing/Lvmhttps://stelfox.net/tags/lvm/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/lvm/Dracuthttps://stelfox.net/tags/dracut/Mon, 01 Jan 0001 00:00:00 +0000https://stelfox.net/tags/dracut/ \ No newline at end of file diff --git a/tags/ipsec/index.xml b/tags/ipsec/index.xml index 827efb8b..b1fb0857 100644 --- a/tags/ipsec/index.xml +++ b/tags/ipsec/index.xml 
@@ -1,3 +1,3 @@ -Ipsec on Sam Stelfoxhttps://stelfox.net/tags/ipsec/Recent content in Ipsec on Sam StelfoxHugo 0.125.2en-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). +Ipsec on Sam Stelfoxhttps://stelfox.net/tags/ipsec/Recent content in Ipsec on Sam StelfoxHugoen-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). Another AWS account enter the picture and while they were single they came to the same conclusion and followed the best practices and defaults to their heart’s content.Fighting IPSec on AWShttps://stelfox.net/blog/2019-03-14-fighting-with-ipsec/Thu, 14 Mar 2019 21:26:30 -0400https://stelfox.net/blog/2019-03-14-fighting-with-ipsec/IPSec is a well known and well understood protocol that is pretty easy to get setup and going… Most of the time. While setting up an IPSec tunnel to an AWS host I came across a new and unique experience that didn’t seem to have an easily searchable solution. I had two CentOS 7 EC2 instances, each set up with their own Elastic IP in a default VPC. I installed and configured libreswan with the following config: \ No newline at end of file 
diff --git a/tags/iptables/index.xml b/tags/iptables/index.xml index c3967a51..4ed59312 100644 --- a/tags/iptables/index.xml +++ b/tags/iptables/index.xml @@ -1 +1 @@ -Iptables on Sam Stelfoxhttps://stelfox.net/tags/iptables/Recent content in Iptables on Sam StelfoxHugo 0.125.2en-USSun, 14 Oct 2018 13:36:09 -0600It's Never the Firewallhttps://stelfox.net/blog/2018-10-13-its-never-the-firewall/Sun, 14 Oct 2018 13:36:09 -0600https://stelfox.net/blog/2018-10-13-its-never-the-firewall/This last Thursday I had the privilege of giving a talk at our local Linux User Group about diagnosing firewall issues on Linux entitled “It’s Never the Firewall: Diagnosing Linux Firewall Issues”. I really enjoyed giving the talk, however, I left a few questions unanswered. While I may do a more extensive post on everything that I went through in the talk (I have been lax on writing content for this blog), this post is more to answer the outstanding questions and of course to make my slides available. \ No newline at end of file +Iptables on Sam Stelfoxhttps://stelfox.net/tags/iptables/Recent content in Iptables on Sam StelfoxHugoen-USSun, 14 Oct 2018 13:36:09 -0600It's Never the Firewallhttps://stelfox.net/blog/2018-10-13-its-never-the-firewall/Sun, 14 Oct 2018 13:36:09 -0600https://stelfox.net/blog/2018-10-13-its-never-the-firewall/This last Thursday I had the privilege of giving a talk at our local Linux User Group about diagnosing firewall issues on Linux entitled “It’s Never the Firewall: Diagnosing Linux Firewall Issues”. I really enjoyed giving the talk, however, I left a few questions unanswered. While I may do a more extensive post on everything that I went through in the talk (I have been lax on writing content for this blog), this post is more to answer the outstanding questions and of course to make my slides available. \ No newline at end of file diff --git a/tags/kubernetes/index.xml b/tags/kubernetes/index.xml index e84ab92a..216e0817 100644 --- a/tags/kubernetes/index.xml 
+++ b/tags/kubernetes/index.xml @@ -1,2 +1,2 @@ -Kubernetes on Sam Stelfoxhttps://stelfox.net/tags/kubernetes/Recent content in Kubernetes on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Kubernetes on Sam Stelfoxhttps://stelfox.net/tags/kubernetes/Recent content in Kubernetes on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features. \ No newline at end of file diff --git a/tags/linux/index.xml b/tags/linux/index.xml index 9e65da17..ff089abc 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml 
@@ -1,4 +1,4 @@ -Linux on Sam Stelfoxhttps://stelfox.net/tags/linux/Recent content in Linux on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Linux on Sam Stelfoxhttps://stelfox.net/tags/linux/Recent content in Linux on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features.Logical Volume in Usehttps://stelfox.net/blog/2020-02-23-logical-volume-in-use/Sun, 23 Feb 2020 20:09:02 -0400https://stelfox.net/blog/2020-02-23-logical-volume-in-use/While attempting to automate some filesytem creation that involved LVM I kept running into an issue occasionally with some holding open the logical volumes. I would attempt to disable the volume using the following command: $ lvchange -an system/storage Logical volume system/storage contains a filesystem in use. 
All of the mounts for the filesystems that were on the volume were unmounted, so it must have been a process. The trick to finding this out is to query all the processes mount files to find out what is holding this open.Extracting Dracut Built initramfshttps://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/Tue, 18 Feb 2020 18:42:02 -0500https://stelfox.net/blog/2020-02-18-extracting-dracut-initramfs/It’s been a hot second since I’ve dived into the lands of initramfs and since then it seems like things have gotten more complicated. This is the way of things in tech and usually has a good reason. The simple way that used to work wonders (and is still required) to start with, was to identify if the file is compressed: $ file /boot/initramfs-current.img /boot/initramfs-current.img: ASCII cpio archive (SVR4 with no CRC) In this case the file appears to be entirely uncompressed which is convenient and likely exactly what you’ll experience for reasons I’m about to get to.Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. diff --git a/tags/lvm/index.xml b/tags/lvm/index.xml index 9f7aa4d9..4c7e7920 100644 --- a/tags/lvm/index.xml +++ b/tags/lvm/index.xml 
@@ -1,4 +1,4 @@ -Lvm on Sam Stelfoxhttps://stelfox.net/tags/lvm/Recent content in Lvm on Sam StelfoxHugo 0.125.2en-USSun, 23 Feb 2020 20:09:02 -0400Logical Volume in Usehttps://stelfox.net/blog/2020-02-23-logical-volume-in-use/Sun, 23 Feb 2020 20:09:02 -0400https://stelfox.net/blog/2020-02-23-logical-volume-in-use/While attempting to automate some filesytem creation that involved LVM I kept running into an issue occasionally with some holding open the logical volumes. I would attempt to disable the volume using the following command: +Lvm on Sam Stelfoxhttps://stelfox.net/tags/lvm/Recent content in Lvm on Sam StelfoxHugoen-USSun, 23 Feb 2020 20:09:02 -0400Logical Volume in Usehttps://stelfox.net/blog/2020-02-23-logical-volume-in-use/Sun, 23 Feb 2020 20:09:02 -0400https://stelfox.net/blog/2020-02-23-logical-volume-in-use/While attempting to automate some filesytem creation that involved LVM I kept running into an issue occasionally with some holding open the logical volumes. I would attempt to disable the volume using the following command: $ lvchange -an system/storage Logical volume system/storage contains a filesystem in use. All of the mounts for the filesystems that were on the volume were unmounted, so it must have been a process. The trick to finding this out is to query all the processes mount files to find out what is holding this open.Investigating LVM From Dracuthttps://stelfox.net/blog/2017-10-24-investigating-lvm-from-dracut/Tue, 24 Oct 2017 11:45:07 -0400https://stelfox.net/blog/2017-10-24-investigating-lvm-from-dracut/In my my last post, I covered finding logical volumes that were missing from LVM from within a live CD (which is effectively a whole standard environment). Working with dracut is quite a bit more limited. 
Turns out that the commands I’m normally used to for operating and inspecting LVM volumes can all be accessed as a second parameter to the lvm tool like so: $ lvm vgscan $ lvm pvscan $ lvm lvscan For my particular issue, it led me to notice that block device of my root filesystem was missing due to a missing kernel driver…Visible Yet Missing Logical Volumeshttps://stelfox.net/blog/2017-10-24-visible-yet-missing-logical-volumes/Tue, 24 Oct 2017 10:58:12 -0400https://stelfox.net/blog/2017-10-24-visible-yet-missing-logical-volumes/While working on an automated install script for an embedded board, I hit an issue with the logical volumes never showing up in /dev/mapper, and in turn unable to be mounted. This left me in the dracut emergency shell (after about three minutes), with little to go on beyond the following error: diff --git a/tags/metalk8s/index.xml b/tags/metalk8s/index.xml index 4a8dde03..34124fcf 100644 --- a/tags/metalk8s/index.xml +++ b/tags/metalk8s/index.xml 
@@ -1,2 +1,2 @@ -Metalk8s on Sam Stelfoxhttps://stelfox.net/tags/metalk8s/Recent content in Metalk8s on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Metalk8s on Sam Stelfoxhttps://stelfox.net/tags/metalk8s/Recent content in Metalk8s on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features. \ No newline at end of file diff --git a/tags/network/index.xml b/tags/network/index.xml index da19b84b..61193554 100644 --- a/tags/network/index.xml +++ b/tags/network/index.xml 
@@ -1,3 +1,3 @@ -Network on Sam Stelfoxhttps://stelfox.net/tags/network/Recent content in Network on Sam StelfoxHugo 0.125.2en-USSat, 26 May 2018 18:41:09 -0600Setting Up EdgeRouter PoE on Google Fiberhttps://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/Sat, 26 May 2018 18:41:09 -0600https://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/I recently moved to an area with Google Fiber and jumped on the chance to have a cheap and fast connection, and I didn’t need to sell my soul to certain other companies. I already owned a Ubiquiti EdgeRouter PoE 5 which has been battle tested at easily routing a gigabit worth of small packets. +Network on Sam Stelfoxhttps://stelfox.net/tags/network/Recent content in Network on Sam StelfoxHugoen-USSat, 26 May 2018 18:41:09 -0600Setting Up EdgeRouter PoE on Google Fiberhttps://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/Sat, 26 May 2018 18:41:09 -0600https://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/I recently moved to an area with Google Fiber and jumped on the chance to have a cheap and fast connection, and I didn’t need to sell my soul to certain other companies. I already owned a Ubiquiti EdgeRouter PoE 5 which has been battle tested at easily routing a gigabit worth of small packets. When setting up my service, the representative I talked to told me I was able to use my own router, but I would still need to get a Google Fiber Network Box.Quick and Silent Gigabit Packet Interceptionhttps://stelfox.net/blog/2018-05-13-quick-and-silent-gigabit-packet-interception/Sun, 13 May 2018 00:55:09 -0600https://stelfox.net/blog/2018-05-13-quick-and-silent-gigabit-packet-interception/I regularly find myself inspecting traffic on Linux systems. Usually I’m already on the client or server when doing this (such as when diagnosing weird low level app behavior, or unknown, or unusual traffic). It has been a while since I’ve needed to silently be the wire between two black boxes. 
While verifying link level information about bypassing my Google Fiber Network Box I needed to be that wire again. Before I connected any wires to anything I needed to be sure I wouldn’t accidentally leak traffic as I wasn’t sure what would impact the link. \ No newline at end of file diff --git a/tags/networking/index.xml b/tags/networking/index.xml index 443c3f15..a54a66e9 100644 --- a/tags/networking/index.xml +++ b/tags/networking/index.xml 
@@ -1,4 +1,4 @@ -Networking on Sam Stelfoxhttps://stelfox.net/tags/networking/Recent content in Networking on Sam StelfoxHugo 0.125.2en-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). +Networking on Sam Stelfoxhttps://stelfox.net/tags/networking/Recent content in Networking on Sam StelfoxHugoen-USWed, 27 Mar 2019 19:11:30 -0400Merging Overlapping Subnetshttps://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Wed, 27 Mar 2019 19:11:30 -0400https://stelfox.net/blog/2019-03-27-merging-overlapping-subnets/Once upon a time there was a single AWS account. In this AWS account was several regions but a single VPC. To make sure expansions into other regions was possible this VPC chose to use the largest private subnet which just so happened to also be the default (10.0.0.0/8). Another AWS account enter the picture and while they were single they came to the same conclusion and followed the best practices and defaults to their heart’s content.AWS Elastic IP Detailshttps://stelfox.net/blog/2019-03-17-aws-elastic-ip-details/Sun, 17 Mar 2019 16:26:30 -0500https://stelfox.net/blog/2019-03-17-aws-elastic-ip-details/Sometimes it becomes important to understand how your cloud provider implements certain networking details. While working through an issue in AWS I needed to understand how they handle public IP addressing. While this issue for me was specific to an Elastic IP all of their public addresses are handled this way and may bite you even without them. 
The problems specifically crop up when a hosted piece of software does NAT traversal detection and changes it’s behavior based on the result.Fighting IPSec on AWShttps://stelfox.net/blog/2019-03-14-fighting-with-ipsec/Thu, 14 Mar 2019 21:26:30 -0400https://stelfox.net/blog/2019-03-14-fighting-with-ipsec/IPSec is a well known and well understood protocol that is pretty easy to get setup and going… Most of the time. While setting up an IPSec tunnel to an AWS host I came across a new and unique experience that didn’t seem to have an easily searchable solution. I had two CentOS 7 EC2 instances, each set up with their own Elastic IP in a default VPC. I installed and configured libreswan with the following config:GRE Tunnelhttps://stelfox.net/notes/gre/Mon, 09 Oct 2017 22:14:23 +0000https://stelfox.net/notes/gre/GRE encapsulates all layer 2 traffic, but does so through an unencrypted tunnel. Sensitive traffic should exclusively go through a lower level encrypted tunnel like IPSec. Firewall The following iptables need to be enabled to allow the GRE traffic to and from the system. This should be restricted to / from IP addresses as well. diff --git a/tags/news/index.xml b/tags/news/index.xml index 79755995..9bc6ddb7 100644 --- a/tags/news/index.xml +++ b/tags/news/index.xml 
@@ -1,2 +1,2 @@ -News on Sam Stelfoxhttps://stelfox.net/tags/news/Recent content in News on Sam StelfoxHugo 0.125.2en-USWed, 04 Dec 2013 13:18:15 -0500Taking Back the Skyhttps://stelfox.net/blog/taking-back-the-sky/Wed, 04 Dec 2013 13:18:15 -0500https://stelfox.net/blog/taking-back-the-sky/During my daily review of various new sources I came across one particular article that was both concerning and very amusing. Drones have been getting more and more popular, and more accessible. They’ve been getting used by the military, law enforcement, recently Amazon (though they’ve abandoned that for now), you can even purchase one for your iPhone at airports. +News on Sam Stelfoxhttps://stelfox.net/tags/news/Recent content in News on Sam StelfoxHugoen-USWed, 04 Dec 2013 13:18:15 -0500Taking Back the Skyhttps://stelfox.net/blog/taking-back-the-sky/Wed, 04 Dec 2013 13:18:15 -0500https://stelfox.net/blog/taking-back-the-sky/During my daily review of various new sources I came across one particular article that was both concerning and very amusing. Drones have been getting more and more popular, and more accessible. They’ve been getting used by the military, law enforcement, recently Amazon (though they’ve abandoned that for now), you can even purchase one for your iPhone at airports. The security of these systems hasn’t been thoroughly tested publicly, though there is at least one report of a military drone being stolen already. \ No newline at end of file diff --git a/tags/nginx/index.xml b/tags/nginx/index.xml index 9c6ddffd..d2b25ac8 100644 --- a/tags/nginx/index.xml +++ b/tags/nginx/index.xml 
@@ -1,4 +1,4 @@ -Nginx on Sam Stelfoxhttps://stelfox.net/tags/nginx/Recent content in Nginx on Sam StelfoxHugo 0.125.2en-USFri, 25 Oct 2019 11:26:31 -0500Fixing Hung Nginx Workershttps://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/Fri, 25 Oct 2019 11:26:31 -0500https://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/While cleaning up some tech debt, a curious issue cropped up. Nginx was running in an alpine container as a front end load balancer. It had a dynamic config that got periodically updated by a sidecar, and had filebeat shipping logs out to a central collector but otherwise was just a very simple Nginx config. +Nginx on Sam Stelfoxhttps://stelfox.net/tags/nginx/Recent content in Nginx on Sam StelfoxHugoen-USFri, 25 Oct 2019 11:26:31 -0500Fixing Hung Nginx Workershttps://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/Fri, 25 Oct 2019 11:26:31 -0500https://stelfox.net/blog/2019-10-25-fixing-hung-nginx-workers/While cleaning up some tech debt, a curious issue cropped up. Nginx was running in an alpine container as a front end load balancer. It had a dynamic config that got periodically updated by a sidecar, and had filebeat shipping logs out to a central collector but otherwise was just a very simple Nginx config. Every now and then the container would crash, it would automatically recover fast enough no alarms were lost and the clients would just resend their requests.Run Your Own DNS-over-TLS Serverhttps://stelfox.net/blog/2018-11-02-run-your-own-dns-over-tls-server/Fri, 02 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-02-run-your-own-dns-over-tls-server/DNS-over-TLS is a relatively new privacy enhancing protocol that encrypts all of your DNS requests to a trusted server. In an age when airports, and coffee shops are outsourcing ‘free wifi’ to corporate entities that are likely harvesting as much data as they can this is a nice addition. 
I largely use VPNs when connected to these access points which provides at least as good protection as DNS-over-TLS which has caused me to largely overlook this development.Weird CloudFlare Behaviorhttps://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/Sun, 21 Oct 2018 22:36:09 -0600https://stelfox.net/blog/2018-10-21-weird-cloudflare-behavior/While working on a replacement webserver, I encountered some odd behavior which took a bit to track down to CloudFlare. This isn’t a bug or an issue with CloudFlare, it was just unexpected. The server was configured to respond to www.example.tld as well as example.tld, to both encrypted and unencrypted connections. Any requests to the www. domain get redirected to https://example.tld. The config was roughly: server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name www. \ No newline at end of file diff --git a/tags/openldap/index.xml b/tags/openldap/index.xml index 4d7fb204..3eeafe42 100644 --- a/tags/openldap/index.xml +++ b/tags/openldap/index.xml 
@@ -1,3 +1,3 @@ -Openldap on Sam Stelfoxhttps://stelfox.net/tags/openldap/Recent content in Openldap on Sam StelfoxHugo 0.125.2en-USSat, 24 Mar 2018 20:20:22 -0600Converting OpenLDAP Schemas to LDIFhttps://stelfox.net/blog/2018-03-24-converting-openldap-schemas-to-ldif/Sat, 24 Mar 2018 20:20:22 -0600https://stelfox.net/blog/2018-03-24-converting-openldap-schemas-to-ldif/I’ve been writing software to work against an OpenLDAP instance, with a highly customized schema. The operators of the existing system only had the schema files and searching around found several elaborate ways to convert the files which I tried with mixed success. After doing the research to figure this out, it became clear I could probably have used slapcat and have dumped the active schema directly to LDIF. +Openldap on Sam Stelfoxhttps://stelfox.net/tags/openldap/Recent content in Openldap on Sam StelfoxHugoen-USSat, 24 Mar 2018 20:20:22 -0600Converting OpenLDAP Schemas to LDIFhttps://stelfox.net/blog/2018-03-24-converting-openldap-schemas-to-ldif/Sat, 24 Mar 2018 20:20:22 -0600https://stelfox.net/blog/2018-03-24-converting-openldap-schemas-to-ldif/I’ve been writing software to work against an OpenLDAP instance, with a highly customized schema. The operators of the existing system only had the schema files and searching around found several elaborate ways to convert the files which I tried with mixed success. After doing the research to figure this out, it became clear I could probably have used slapcat and have dumped the active schema directly to LDIF. As a sample of how I converted these, I’ll use the rfc2307bis.Including LDIF Files in OpenLDAPhttps://stelfox.net/blog/2018-03-24-including-ldif-files-in-openldap/Sat, 24 Mar 2018 20:20:22 -0600https://stelfox.net/blog/2018-03-24-including-ldif-files-in-openldap/While setting up and OpenLDAP server I found my distribution shipped with a couple of schema files, but no equivalent LDIF files. 
I found ways to convert the file using slapcat and slaptest and the files were valid on their own. I was specifically trying to bootstrap an OpenLDAP server, with it’s schema, from scratch for a CI/CD system to test against. To accomplish this I was making use of the include directive in a configuration LDIF file and saw some very odd behavior. \ No newline at end of file diff --git a/tags/openvpn/index.xml b/tags/openvpn/index.xml index 7643a8d9..5fe90a98 100644 --- a/tags/openvpn/index.xml +++ b/tags/openvpn/index.xml 
@@ -1,2 +1,2 @@ -Openvpn on Sam Stelfoxhttps://stelfox.net/tags/openvpn/Recent content in Openvpn on Sam StelfoxHugo 0.125.2en-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. +Openvpn on Sam Stelfoxhttps://stelfox.net/tags/openvpn/Recent content in Openvpn on Sam StelfoxHugoen-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. I already run several webservers, including this one, and didn’t want to give up exclusive access to the precious TCP port 443. The recommended way to deal with this is to make use of the port-share option built into OpenVPN. \ No newline at end of file diff --git a/tags/performance/index.xml b/tags/performance/index.xml index 452fbd6f..3c4349e2 100644 --- a/tags/performance/index.xml +++ b/tags/performance/index.xml 
@@ -1,2 +1,2 @@ -Performance on Sam Stelfoxhttps://stelfox.net/tags/performance/Recent content in Performance on Sam StelfoxHugo 0.125.2en-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. +Performance on Sam Stelfoxhttps://stelfox.net/tags/performance/Recent content in Performance on Sam StelfoxHugoen-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. I already run several webservers, including this one, and didn’t want to give up exclusive access to the precious TCP port 443. The recommended way to deal with this is to make use of the port-share option built into OpenVPN. \ No newline at end of file diff --git a/tags/podman/index.xml b/tags/podman/index.xml index 95da1b54..b921b507 100644 --- a/tags/podman/index.xml +++ b/tags/podman/index.xml 
@@ -1,2 +1,2 @@ -Podman on Sam Stelfoxhttps://stelfox.net/tags/podman/Recent content in Podman on Sam StelfoxHugo 0.125.2en-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… +Podman on Sam Stelfoxhttps://stelfox.net/tags/podman/Recent content in Podman on Sam StelfoxHugoen-USWed, 10 May 2023 22:41:02 -0400Podman Socket Compatibility for Metalk8shttps://stelfox.net/blog/2023-05-10-podman-socket-compatibility/Wed, 10 May 2023 22:41:02 -0400https://stelfox.net/blog/2023-05-10-podman-socket-compatibility/I’ve long appreciated what a project called metalk8s has been doing… Making Kubernetes run in an opinionated way for private data centers. I don’t agree with all their opinions but it’s open source and customizable. There is a problem though… The docker binary and daemon are largely being replaced and deprecated in favor of podman in the RedHat distros that metalk8s targets. I fully support this change, podman is a great open source tool that listens to user feedback and has far outstripped Docker in capabilities and security features. \ No newline at end of file diff --git a/tags/postgres/index.xml b/tags/postgres/index.xml index 34ec2e7a..727a2208 100644 --- a/tags/postgres/index.xml +++ b/tags/postgres/index.xml 
@@ -1,3 +1,3 @@ -Postgres on Sam Stelfoxhttps://stelfox.net/tags/postgres/Recent content in Postgres on Sam StelfoxHugo 0.125.2en-USWed, 28 May 2014 18:00:55 -0400PG::Error: ERROR: Type 'Hstore' Does Not Existhttps://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/Wed, 28 May 2014 18:00:55 -0400https://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/I’ve been using the PostgreSQL’s hstore extension in a Rails application lately and kept encountering the error that is this post’s namesake. It would specifically happen when a database had been dropped, recreated and I freshly ran the migrations. +Postgres on Sam Stelfoxhttps://stelfox.net/tags/postgres/Recent content in Postgres on Sam StelfoxHugoen-USWed, 28 May 2014 18:00:55 -0400PG::Error: ERROR: Type 'Hstore' Does Not Existhttps://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/Wed, 28 May 2014 18:00:55 -0400https://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/I’ve been using the PostgreSQL’s hstore extension in a Rails application lately and kept encountering the error that is this post’s namesake. It would specifically happen when a database had been dropped, recreated and I freshly ran the migrations. It seems that while Rails 4 supports the HStore datatype, it doesn’t enable the extension itself. I’ve found two ways too solve this issue in wildly different ways. First Solution: Enable HStore by Default This is the common solution that is recommended too solve this issue. \ No newline at end of file diff --git a/tags/programming/index.xml b/tags/programming/index.xml index 0aeb0f68..3aa657c1 100644 --- a/tags/programming/index.xml +++ b/tags/programming/index.xml 
@@ -1,2 +1,2 @@ -Programming on Sam Stelfoxhttps://stelfox.net/tags/programming/Recent content in Programming on Sam StelfoxHugo 0.125.2en-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. +Programming on Sam Stelfoxhttps://stelfox.net/tags/programming/Recent content in Programming on Sam StelfoxHugoen-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. So, I’m thinking I need multiple “Subscribers” for the various events being traced, right? \ No newline at end of file diff --git a/tags/ruby/index.xml b/tags/ruby/index.xml index 831888fe..cd673817 100644 --- a/tags/ruby/index.xml +++ b/tags/ruby/index.xml 
@@ -1,4 +1,4 @@ -Ruby on Sam Stelfoxhttps://stelfox.net/tags/ruby/Recent content in Ruby on Sam StelfoxHugo 0.125.2en-USWed, 23 May 2018 07:53:19 -0600Parsing HTTP Responses in Rubyhttps://stelfox.net/blog/2018-05-23-parsing-http-responses-in-ruby/Wed, 23 May 2018 07:53:19 -0600https://stelfox.net/blog/2018-05-23-parsing-http-responses-in-ruby/Normally handling HTTP responses in Ruby is rather straight forward. There is a native library in Ruby that handles HTTP requests which parses the responses into a neat data structure that you can then operate on. What if you want to work on stored HTTP responses outside of a connection though? This was the situation I found myself in and thanks to a series of unusual decisions in the Ruby core library I found myself left out in the cold.Sharing Context Between Dependent Rake Taskshttps://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/Thu, 18 Feb 2016 15:46:12 -0500https://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/I use Rakefiles quite a bit like traditional Makefiles, in that I specify immediate dependencies for an individual task and Rake will execute all of them. If a file or directory is the dependency and it exists, the task that creates it will be skipped. A contrived Rakefile example might look like: +Ruby on Sam Stelfoxhttps://stelfox.net/tags/ruby/Recent content in Ruby on Sam StelfoxHugoen-USWed, 23 May 2018 07:53:19 -0600Parsing HTTP Responses in Rubyhttps://stelfox.net/blog/2018-05-23-parsing-http-responses-in-ruby/Wed, 23 May 2018 07:53:19 -0600https://stelfox.net/blog/2018-05-23-parsing-http-responses-in-ruby/Normally handling HTTP responses in Ruby is rather straight forward. There is a native library in Ruby that handles HTTP requests which parses the responses into a neat data structure that you can then operate on. What if you want to work on stored HTTP responses outside of a connection though? 
This was the situation I found myself in and thanks to a series of unusual decisions in the Ruby core library I found myself left out in the cold.Sharing Context Between Dependent Rake Taskshttps://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/Thu, 18 Feb 2016 15:46:12 -0500https://stelfox.net/blog/sharing-context-between-dependent-rake-tasks/I use Rakefiles quite a bit like traditional Makefiles, in that I specify immediate dependencies for an individual task and Rake will execute all of them. If a file or directory is the dependency and it exists, the task that creates it will be skipped. A contrived Rakefile example might look like: file 'sample' do |t| puts 'Creating sample directory' Dir.mkdir(t.name) end file 'sample/population.txt' => ['sample'] do |t| puts 'Creating sample population file.Ruby Code Quality Metricshttps://stelfox.net/blog/ruby-code-quality-metrics/Wed, 22 Apr 2015 16:47:10 -0400https://stelfox.net/blog/ruby-code-quality-metrics/I like getting unopinionated feedback on the quality of the code I write. Sometimes I can get this from other developers but they tend to get annoyed being asked after every commit whether they consider it an improvement. There are a few utilities for Ruby codebases such as flay, flog, and rubocop as well as hosted services such as Code Climate that can help you identify chunks of code that can use some work.PG::Error: ERROR: Type 'Hstore' Does Not Existhttps://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/Wed, 28 May 2014 18:00:55 -0400https://stelfox.net/blog/pg-error-error-type-hstore-does-not-exist/I’ve been using the PostgreSQL’s hstore extension in a Rails application lately and kept encountering the error that is this post’s namesake. It would specifically happen when a database had been dropped, recreated and I freshly ran the migrations. It seems that while Rails 4 supports the HStore datatype, it doesn’t enable the extension itself. 
I’ve found two ways too solve this issue in wildly different ways. diff --git a/tags/rust/index.xml b/tags/rust/index.xml index 97ec9084..3589b536 100644 --- a/tags/rust/index.xml +++ b/tags/rust/index.xml @@ -1,2 +1,2 @@ -Rust on Sam Stelfoxhttps://stelfox.net/tags/rust/Recent content in Rust on Sam StelfoxHugo 0.125.2en-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. +Rust on Sam Stelfoxhttps://stelfox.net/tags/rust/Recent content in Rust on Sam StelfoxHugoen-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. So, I’m thinking I need multiple “Subscribers” for the various events being traced, right? \ No newline at end of file diff --git a/tags/security/index.xml b/tags/security/index.xml index 05c1a761..7d8948cb 100644 --- a/tags/security/index.xml +++ b/tags/security/index.xml 
@@ -1,4 +1,4 @@ -Security on Sam Stelfoxhttps://stelfox.net/tags/security/Recent content in Security on Sam StelfoxHugo 0.125.2en-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. +Security on Sam Stelfoxhttps://stelfox.net/tags/security/Recent content in Security on Sam StelfoxHugoen-USSun, 04 Nov 2018 15:09:02 -0600Performance Impact of OpenVPN Port Sharinghttps://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/Sun, 04 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-04-performance-impact-of-openvpn-portsharing/I recently had cause to use OpenVPN on the standard HTTPS port to protect my traffic. This was done as a compromise with administrators who didn’t want to change their egress filtering, but wanted to allow me to continue doing my normal work. I already run several webservers, including this one, and didn’t want to give up exclusive access to the precious TCP port 443. The recommended way to deal with this is to make use of the port-share option built into OpenVPN.Run Your Own DNS-over-TLS Serverhttps://stelfox.net/blog/2018-11-02-run-your-own-dns-over-tls-server/Fri, 02 Nov 2018 15:09:02 -0600https://stelfox.net/blog/2018-11-02-run-your-own-dns-over-tls-server/DNS-over-TLS is a relatively new privacy enhancing protocol that encrypts all of your DNS requests to a trusted server. In an age when airports, and coffee shops are outsourcing ‘free wifi’ to corporate entities that are likely harvesting as much data as they can this is a nice addition. 
I largely use VPNs when connected to these access points which provides at least as good protection as DNS-over-TLS which has caused me to largely overlook this development.It's Never the Firewallhttps://stelfox.net/blog/2018-10-13-its-never-the-firewall/Sun, 14 Oct 2018 13:36:09 -0600https://stelfox.net/blog/2018-10-13-its-never-the-firewall/This last Thursday I had the privilege of giving a talk at our local Linux User Group about diagnosing firewall issues on Linux entitled “It’s Never the Firewall: Diagnosing Linux Firewall Issues”. I really enjoyed giving the talk, however, I left a few questions unanswered. While I may do a more extensive post on everything that I went through in the talk (I have been lax on writing content for this blog), this post is more to answer the outstanding questions and of course to make my slides available.Syslog-NGhttps://stelfox.net/notes/syslog_ng/Wed, 25 Oct 2017 01:56:02 -0400https://stelfox.net/notes/syslog_ng/Syslog-NG is a fast, reliable, and secure syslog daemon that can do advanced processing and log centralization while maintaining a sane configuration file syntax. I’ve recently come to vastly prefer it over my previous long term favorite Rsyslog. It’s important to note that when modifying the logs statements, they will be processed in order. This means log statements that finalize a message will never make it past that statement. This finalization behavior can be a great tool for optimizing the processing path of logs but can result in unexpected behavior if you don’t pay attention when re-ordering the statements.CFSSLhttps://stelfox.net/notes/cfssl/Tue, 24 Oct 2017 18:39:22 -0400https://stelfox.net/notes/cfssl/CFSSL is a toolkit of utilities for TLS PKI infrastructures and supports more functionality than I’ve personally needed. It is a fast and convenient way to setup and manage a multi-layer internal certificate authority. 
I’ve used it to generate an internal root CA, with sub-CAs for internal only server certificates, and separate CAs for each domain of client certificates (such as VPN, log, mail, and LDAP servers). This allows the root CA to be protected more stringently than specific domains.Vultr Deny All Firewallhttps://stelfox.net/blog/2017-10-20-vultr-deny-all-firewall/Fri, 20 Oct 2017 17:18:36 -0400https://stelfox.net/blog/2017-10-20-vultr-deny-all-firewall/While setting up new instances on Vultr for testing, I wanted to initially ensure that no traffic beyond my own could touch the instances. After adding a matching rule for SSH to my IPv4 address, a default rule shows up that drops any unspecified traffic. Switching to the IPv6 I wanted to add a drop all rule (as I wouldn’t be using IPv6 until the system was up). diff --git a/tags/servers/index.xml b/tags/servers/index.xml index a169362e..6de25465 100644 --- a/tags/servers/index.xml +++ b/tags/servers/index.xml 
@@ -1,4 +1,4 @@ -Servers on Sam Stelfoxhttps://stelfox.net/tags/servers/Recent content in Servers on Sam StelfoxHugo 0.125.2en-USMon, 30 Jun 2014 21:43:02 -0400Fixing Erratic BMC Controller on PowerEdge C6100https://stelfox.net/blog/fixing-erratic-bmc-controller-on-poweredge-c6100/Mon, 30 Jun 2014 21:43:02 -0400https://stelfox.net/blog/fixing-erratic-bmc-controller-on-poweredge-c6100/I randomly started experiencing an issue with one blade in one of my PowerEdge C6100 blades. It wouldn’t obey all commands issued too it via IPMI or through the BMC’s web interface. Additionally the blade would randomly power on when off, and the front light would consistently blink as if a hardware fault was detected. +Servers on Sam Stelfoxhttps://stelfox.net/tags/servers/Recent content in Servers on Sam StelfoxHugoen-USMon, 30 Jun 2014 21:43:02 -0400Fixing Erratic BMC Controller on PowerEdge C6100https://stelfox.net/blog/fixing-erratic-bmc-controller-on-poweredge-c6100/Mon, 30 Jun 2014 21:43:02 -0400https://stelfox.net/blog/fixing-erratic-bmc-controller-on-poweredge-c6100/I randomly started experiencing an issue with one blade in one of my PowerEdge C6100 blades. It wouldn’t obey all commands issued too it via IPMI or through the BMC’s web interface. Additionally the blade would randomly power on when off, and the front light would consistently blink as if a hardware fault was detected. This has been bothering me for a while, but it was my spare blade and wasn’t affecting my lab in anyway so I’ve ignored it.Updating BMC on Dell PowerEdge C6100https://stelfox.net/blog/updating-bmc-on-dell-poweredge-c6100/Mon, 16 Dec 2013 21:26:13 -0500https://stelfox.net/blog/updating-bmc-on-dell-poweredge-c6100/I just received my Dell PowerEdge C6100 and found it’s software quite a bit outdated. After searching around quite a bit I found the resources lacking for explaining how to perform these updates. So in this post I’m going to quickly cover updating the BMC firmware on each blade. 
The system I received had four different versions of the BMC software installed, additionally Two were branded as MegaRAC and the others branded as Dell.Updating the BIOS on Dell PowerEdge C6100https://stelfox.net/blog/updating-the-bios-on-dell-poweredge-c6100/Mon, 16 Dec 2013 09:39:02 -0500https://stelfox.net/blog/updating-the-bios-on-dell-poweredge-c6100/The BIOS was quite a bit more complicated and there was a few options that I had available to try, all of which require either Windows or DOS environments. I don’t have any legal copies of Windows to put on my server and didn’t want to go through all that effort` It really needs to be done within a DOS environment. I downloaded the file PEC6100BIOS017000.exe from Dell’s support website (locally hosted copy) as well as the 2. \ No newline at end of file diff --git a/tags/thoughts/index.xml b/tags/thoughts/index.xml index 96eb7b76..e2e677c3 100644 --- a/tags/thoughts/index.xml +++ b/tags/thoughts/index.xml 
@@ -1,3 +1,3 @@ -Thoughts on Sam Stelfoxhttps://stelfox.net/tags/thoughts/Recent content in Thoughts on Sam StelfoxHugo 0.125.2en-USWed, 14 Sep 2016 01:36:59 -0400Hash Cashhttps://stelfox.net/blog/2016-07-14-quick-thoughts-on-hashcash/Wed, 14 Sep 2016 01:36:59 -0400https://stelfox.net/blog/2016-07-14-quick-thoughts-on-hashcash/This is an interesting proof of work concept. The first example I have found of this in the wild is to prevent abuse for anonymous account registration on an IRC network. +Thoughts on Sam Stelfoxhttps://stelfox.net/tags/thoughts/Recent content in Thoughts on Sam StelfoxHugoen-USWed, 14 Sep 2016 01:36:59 -0400Hash Cashhttps://stelfox.net/blog/2016-07-14-quick-thoughts-on-hashcash/Wed, 14 Sep 2016 01:36:59 -0400https://stelfox.net/blog/2016-07-14-quick-thoughts-on-hashcash/This is an interesting proof of work concept. The first example I have found of this in the wild is to prevent abuse for anonymous account registration on an IRC network. I reviewed it’s source and found that it requests a seed, and payload from a backend PHP script. It assumes that a target collision will happen within 1,000,000 iterations. This is broken up into 10 iterations. A pool of four WebWorkers are spawned. \ No newline at end of file diff --git a/tags/tips/index.xml b/tags/tips/index.xml index b54c4435..adea4360 100644 --- a/tags/tips/index.xml +++ b/tags/tips/index.xml 
@@ -1,4 +1,4 @@ -Tips on Sam Stelfoxhttps://stelfox.net/tags/tips/Recent content in Tips on Sam StelfoxHugo 0.125.2en-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. +Tips on Sam Stelfoxhttps://stelfox.net/tags/tips/Recent content in Tips on Sam StelfoxHugoen-USWed, 27 Nov 2019 16:42:02 -0500Blender Loop Select in Cinnamonhttps://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/Wed, 27 Nov 2019 16:42:02 -0500https://stelfox.net/blog/2019-11-27-blender-loop-select-in-cinnamon/I’ve recently been playing around with Blender (following this tutorial series). In Part 4 of the Level 1 series, the host Andrew Price is teaching about loop selects which very simply is holding down Alt while clicking on a vertex. The issue wasn’t working for me though I found quite a few other users experiencing the issue. The most common fix was when people had three button mouse emulation enabled (a common setting people turn on when using laptops or Macs).Fixing Dark Input Boxes in Firefoxhttps://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/Sat, 13 Apr 2019 11:53:22 -0400https://stelfox.net/blog/2019-04-13-fixing-dark-input-boxes-in-firefox/I recently began trying out Cinnamon as my desktop environment and I’ve been thoroughly enjoying it. The only issue I was having was occasionally a page’s form input fields would have a dark background while still having dark text making it impossible to read, and very difficult to write. 
It wasn’t happening everywhere, and I couldn’t track down what about a website would cause the issue. Most prominently for me was when this showed up in AWS’s interface.Reflashing Cisco Catalyst With XMODEMhttps://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/Sun, 24 Mar 2019 23:26:30 -0400https://stelfox.net/blog/2019-03-24-reflashing-cisco-catalyst-with-xmodem/One of the Cisco Catalyst 3750 I had to work on recently had it’s flash completely wiped. When this happens you can only flash the filesystem using the XMODEM serial console. This is a fairly well documented process on Windows. On Linux most of the documented ways involve switching between multiple utilities and can be tricky. I wanted to documented how I did this and possibly help other in the same situation.Hosting Your Own Private Git Repohttps://stelfox.net/blog/2018-12-21-hosting-your-own-private-git/Fri, 21 Dec 2018 18:53:30 +0000https://stelfox.net/blog/2018-12-21-hosting-your-own-private-git/Git was built and developed with the intention of being a distributed reversion control system. Most people now use it with one or another central repository even when working on large teams which is perfectly fine if that model works for you and your team. It can be useful to quickly work with others on private repositories without requiring them to get on your platform of choice, or for sensitive repositories keep the repository entirely under your control.SPF and Google Site Verification in Route 53https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Thu, 14 Jun 2018 11:36:09 -0600https://stelfox.net/blog/2018-06-14-spf-and-google-site-verification-in-route-53/Route53 doesn’t allow multiple definitions of the same name/type pair of DNS entries which is quite a headache. This is the first time I’ve had a conflict of a TXT record in Route53 at the base, specifically both Google’s site verification, and SPF records both want to live at the root of the domain. 
The site verification record needs to stay around as Google periodically re-verifies the domain. diff --git a/tags/tracing/index.xml b/tags/tracing/index.xml index fd26144e..0ad0ffda 100644 --- a/tags/tracing/index.xml +++ b/tags/tracing/index.xml @@ -1,2 +1,2 @@ -Tracing on Sam Stelfoxhttps://stelfox.net/tags/tracing/Recent content in Tracing on Sam StelfoxHugo 0.125.2en-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. +Tracing on Sam Stelfoxhttps://stelfox.net/tags/tracing/Recent content in Tracing on Sam StelfoxHugoen-USThu, 13 Apr 2023 20:51:02 -0400Combining "Subscribers" in Rust's Tracing Libraryhttps://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Thu, 13 Apr 2023 20:51:02 -0400https://stelfox.net/blog/2023-03-13-chained-tracing-subscribers/Tracing is a fantastic Rust library that I’ve found immensely useful, but I feel its documentation and API could still use a bit of polish. At first glance, the distinctions and roles of Subscribers, Layers, Filters, and Writers seem clear and well-documented. But when dealing with less common use cases, understanding their interactions and handling trait-based errors can become challenging. So, I’m thinking I need multiple “Subscribers” for the various events being traced, right? \ No newline at end of file diff --git a/tags/ubiquiti/index.xml b/tags/ubiquiti/index.xml index b46f5b41..2721fb38 100644 --- a/tags/ubiquiti/index.xml 
+++ b/tags/ubiquiti/index.xml @@ -1,2 +1,2 @@ -Ubiquiti on Sam Stelfoxhttps://stelfox.net/tags/ubiquiti/Recent content in Ubiquiti on Sam StelfoxHugo 0.125.2en-USSat, 26 May 2018 18:41:09 -0600Setting Up EdgeRouter PoE on Google Fiberhttps://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/Sat, 26 May 2018 18:41:09 -0600https://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/I recently moved to an area with Google Fiber and jumped on the chance to have a cheap and fast connection, and I didn’t need to sell my soul to certain other companies. I already owned a Ubiquiti EdgeRouter PoE 5 which has been battle tested at easily routing a gigabit worth of small packets. +Ubiquiti on Sam Stelfoxhttps://stelfox.net/tags/ubiquiti/Recent content in Ubiquiti on Sam StelfoxHugoen-USSat, 26 May 2018 18:41:09 -0600Setting Up EdgeRouter PoE on Google Fiberhttps://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/Sat, 26 May 2018 18:41:09 -0600https://stelfox.net/blog/2018-05-26-edgerouter-poe-for-google-fiber/I recently moved to an area with Google Fiber and jumped on the chance to have a cheap and fast connection, and I didn’t need to sell my soul to certain other companies. I already owned a Ubiquiti EdgeRouter PoE 5 which has been battle tested at easily routing a gigabit worth of small packets. When setting up my service, the representative I talked to told me I was able to use my own router, but I would still need to get a Google Fiber Network Box. \ No newline at end of file diff --git a/tags/xfce/index.xml b/tags/xfce/index.xml index 00733b82..34539cef 100644 --- a/tags/xfce/index.xml +++ b/tags/xfce/index.xml 
@@ -1,3 +1,3 @@ -Xfce on Sam Stelfoxhttps://stelfox.net/tags/xfce/Recent content in Xfce on Sam StelfoxHugo 0.125.2en-USMon, 27 Nov 2017 17:23:09 +0500XFCE Failed to Connect to Sockethttps://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/Mon, 27 Nov 2017 17:23:09 +0500https://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/While trying to build up a minimal Gentoo graphical environment I kept running into an error every time I logged into XFCE from lightdm (I didn’t try starting up XFCE any other way). There are tons of blog posts that relate to systemd, ubuntu, or crouton but none related to Gentoo. +Xfce on Sam Stelfoxhttps://stelfox.net/tags/xfce/Recent content in Xfce on Sam StelfoxHugoen-USMon, 27 Nov 2017 17:23:09 +0500XFCE Failed to Connect to Sockethttps://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/Mon, 27 Nov 2017 17:23:09 +0500https://stelfox.net/blog/2017-11-27-xfce-failed-to-connect-to-socket/While trying to build up a minimal Gentoo graphical environment I kept running into an error every time I logged into XFCE from lightdm (I didn’t try starting up XFCE any other way). There are tons of blog posts that relate to systemd, ubuntu, or crouton but none related to Gentoo. The first error message that pops up is: Unable to contact settings server Failed to connect to socket /tmp/dbus-xxxxxxxxx: Connection refused Once you click through there was a second error message, but I believe it was due to the previous error and not actually an issue: \ No newline at end of file
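Review bot: in the tags/security/index.xml hunk, and in every other index.xml hunk in this patch, the only difference between the removed and the added line is the generator string changing from "Hugo 0.125.2" to "Hugo", while the rest of each long line is repeated unchanged. Dropping the version stops the feeds from advertising the exact generator build, so the commit message should say so and name the template or configuration change that produced it. A later rebuild that brings the version back would then be recognisable as a regression. Because these are generated files, also check the other rendered outputs for the same string, for example the HTML generator meta tag, so that the version is not removed from the feeds but still published elsewhere.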
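Review bot: in the tags/servers/index.xml hunk, the description of the "Updating the BIOS on Dell PowerEdge C6100" entry still ends mid-sentence at "as well as the 2." and carries a stray backtick after "all that effort". Both appear on the removed and on the added line, so they come from the post source or the automatic summary rather than from this change. Fix the backtick in the post and give the post an explicit summary so the regenerated feed entry ends on a complete sentence.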