yaleman.org

If you get a weird error like sqlite prepare error -> SqliteFailure(Error { code: Unknown, extended_code: 1 }, Some("near \"ON\": syntax error")) or syntax error near ON While trying to use UPSERT ... ON CONFLICT(yyyy)… It could because you’re running Ubuntu Bionic or another similarly old version - your SQLite version’s before 3.24.0 From the SQLite documentation for ON CONFLICT: The phrase “ON CONFLICT” is also part of UPSERT, which is an extension to INSERT added in version 3. [Read More]

I’m running an old i7 2012-ish Macbook as a docker host since it still works and it’s pretty capable for the job. The screen kept staying on while just sitting at the text login screen, which was a bit of a worry for the lifetime of the LCD. I have finally figured out how to fix it! Woo! 🎉🥳🎉 Edit /etc/defaults/grub and update the GRUB_CMDLINE_LINUX_DEFAULT entry to have the following two entries: [Read More]

While trying to update the HTTPS/TLS certificate on my Brother MFD, I got the following error: The size of PKCS#12 file is too large. I’m using a Let’s Encrypt-generated certificate and had packaged the full chain. The fix I found was to just use the end cert. I generated it using this command, on a box where I generate my cert for this printer with certbot: sudo openssl pkcs12 -export -out ~/brother. [Read More]

This is an example /config/authsources.php when using Kanidm’s LDAP connector to provide user details and authentication. The user needs to be posix-enabled and members of a posix-enabled group saml_admins will be marked as Administrators in SimpleSAMLphp. <?php $KANIDM_HOSTNAME = 'ldaps://kanidm.example.com'; $KANIDM_SEARCHBASE = 'dc=kanidm,dc=example,dc=com'; $KANIDM_LDAP_PORT = 636; $config = [ // admin creds, user needs to be part of the posix-enabled group "saml_admins" 'admin' => [ // The default is to use core:AdminPassword, but it can be replaced with any authentication source. [Read More]

Documentation for libraries is handy. Automatically generating most of it from source code is even more handy. Here’s a quick how-to on setting up mkdocs with the mkdocstrings plugin to automagically build docs for your project. mkdocs.yml This goes in the root directory of your project. It sets various things like the Name of the site, theme etc. site_name: aussiebb theme: name: "material" plugins: - search: - mkdocstrings: default_handler: python handlers: python: rendering: show_source: true watch: - "aussiebb/" nav: - "Home": README. [Read More]

As an Australian, I’m afflicted with two things: Living in a deadly paradise full of Drop Bears, Hoop Snakes and Cassowaries. Only one of these is fake. Terrible internet, crippled by the ridiculous decisions of multiple corrupt governments. They installed “Fibre to the Node”, or VDSL. The technology that New Zealand had had for decades and nobody in their right mind would deploy these days. Second-generation systems (VDSL2; ITU-T G. [Read More]

If you see things like this: [[email protected] s_sn="306" s_tc="330"]: Aug 23 22:15:22.268: %SYS-5-CONFIG_I: Configured from console by yaleman on vty0 (10.0.0.155) In your Cisco Switch logs, it’s because you’ve got the config entry: logging message-counter log Ew. conf t no logging message-counter log end write mem [Read More]

Here’s an example Apache configuration file for using Kanidm’s LDAP server to authenticate access to Nagios. The below file is also available as a github gist <IfModule mod_ssl.c> <VirtualHost *:443> ServerName monitoring.example.com ServerAdmin [email protected] SSLEngine on SSLCertificateFile /etc/letsencrypt/live/monitoring.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/monitoring.example.com/privkey.pem ScriptAlias /cgi-bin "/usr/local/nagios/sbin/" <Directory "/usr/local/nagios/sbin"> Options ExecCGI AllowOverride None <RequireAll> Require all granted AuthName "Nagios Access" AuthType Basic AuthLDAPURL "ldaps://kanidm.example.com:636/dc=kanidm,dc=example,dc=com?name?sub?(name=*)" TLS AuthBasicProvider ldap Require valid-user </RequireAll> </Directory> Alias / "/usr/local/nagios/share/" <Directory "/usr/local/nagios/share"> Options None AllowOverride None <RequireAll> Require all granted AuthName "Nagios Access" AuthType Basic AuthLDAPURL "ldaps://kanidm. [Read More]

I was trying to cargo install wasm-pack on an OpenSUSE Tumbleweed docker container and getting fucking stupid errors… turns out error handling is hard, let’s just assume everything’s going to work and .unwrap() all the things! error: failed to run custom build command for `openssl-sys v0.9.65` Caused by: ared" "no-ssl3" "no-unit-test" "no-comp" "no-zlib" "no-zlib-dynamic" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64 Using os-specific seed configuration Creating configdata. [Read More]

This is an example LDAP configuration for Splunk connecting to Kanidm via LDAP. The configuration goes into /opt/splunk/etc/system/local/authentication.conf Replace kanidm.example.com with the hostname of the Kanidm server Replace dc=kanidm,dc=example,dc=com with the LDAP-format domain name of the system. Map your groups to your users. I’ve got two groups in Kanidm, splunk_users and splunk_admins [authentication] authSettings = kanidm.example.com authType = LDAP [kanidm.example.com] SSLEnabled = 1 anonymous_referrals = 1 charset = utf8 emailAttribute = mail enableRangeRetrieval = 0 groupBaseDN = dc=kanidm,dc=example,dc=com groupBaseFilter = (class=group) groupMappingAttribute = dn groupMemberAttribute = member groupNameAttribute = name host = kanidm. [Read More]