The 87th annual purplecon was delightful and fun. Eschewing the typical black hoodies and replacing them with sparkles was an amazing choice and drove the friendly, welcoming feel of the entire con.
All talks were required to be:
Which means they’re not just stunt hacking or dropping 0-days - they’re designed to improve the state of the art. The “great archive” is going to be a text archive summary of the talks, so…
[Read More]So… I kept getting a message like this every. single. time. I. used. sudo.
Subject: *** SECURITY information for server.domain.example.com ***
Message: server.domain.example.com : Oct 19 14:17:50 : yaleman : problem with defaults entries ; TTY=pts/0 ; PWD=/home/yaleman ; USER=root ;
Doing some searching, it turns out it’s some issue with local accounts and an interaction between sudo and sssd where defaults aren’t being presented to sssd from FreeIPA/LDAP. It’s more a warning than a bug, but it’s freaking annoying.
Sometimes on Linux hosts, CrowdStrike has a bit of a weird issue with filling up /opt/CrowdStrike with old versions. The fix they gave us was… a bit special, so I came up with my own.
sudo find /opt/CrowdStrike -type f -name "KernelModuleArchive*" -not -wholename "$(readlink -f /opt/CrowdStrike/KernelModuleArchive)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcond*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcond)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falconctl*" -not -wholename "$(readlink -f /opt/CrowdStrike/falconctl)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcon-sensor*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcon-sensor)" -exec rm "{}" \;
For each of the different file types it makes, there’s a “versioned” file, such as falcon-sensor7303 which is symlinked as /opt/CrowdStrike/falcon-sensor. When the “real” files update to new versions, they don’t clean themselves up. The above four lines looks for the “bad” files and filters out the existing “current” file using readlink to identify the canonical destination of the symlink.
Turns out, reading the manual in full is handy. If you’re wondering why your Segway Ninebot Kickscooter MAX is beeping constantly, it’s because you have to activate it.
Open the app, connect via Bluetooth and then click the little gear icon. Click “Activate” and then hit yes. It should make one more long beep and shut up after that.
They also limit the speed on the device until you’ve activated it, which makes sense, I guess?
[Read More]Yesterday I had a solar system and storage battery installed into my house. As part of that, inspired by Jon Oxer’s great SuperHouse series, I had the electrician install some high current relays for me to control the hot water system.
My plan has two intended control options:
K3 is a Finder “Digital Astro Time Switch” with NFC connection support (12.81.8.230.0000).
This Comic from the Google Comic Factory is a great “starter” introduction to machine learning, its applications and methods. Well worth a read!
Xavier Mertens’ new post on the ISC Blog about blocking DNS over HTTPS with BIND RPZ was posted today, and it provides some really useful and actionable information on how to do it. BIND RPZs are a very useful tool for whole-of-network security actions.
And before you reach for your angry typing keyboard, yes - DoH is a great idea - until you want to be able to take the skills and tools of your corporate security team to secure them and respond to threats and incidents. :)
[Read More]I uploaded a bunch of files to an s3 bucket, then needed to update the permissions.
aws s3 ls --profile <profile> --recursive s3://<bucket> | awk '{print $NF}' \
| xargs -I{} -n1 aws s3api put-object-acl --profile <profile> --acl public-read --bucket <bucket> --key {}
There’s two replacements in the above code you need to make:
~/.aws/credentialsThere’s a better explanation here, in the AWS support documentation
[Read More]I was writing MicroPython to a new ESP32 board I got, and it was acting weird… looping the following over and over:
rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun 8 2016 00:22:57
Turns out, if I’d read the documentation instead of just doing the same thing I’d been doing on the ESP8266’s, I’d have known I need to write it starting at 0x1000 instead of 0x0000.
I’ve got a server with a web site which sits behind Cloudflare, so I have a daily script in root’s cron that grabs the current list of Cloudflare IPs and updates the ufw config so only Cloudflare can get to apache2. It’s a wordpress site so I’m a little scared of idiots doing idiot things.
Ever since I ran it, for some reason it throws an error ERROR: problem running sysctl when it runs ufw status verbose. It’s always worked when I run it manually, and doesn’t seem to cause issues - especially since it’s only a final check step. The errors have been bugging me and I’ve got a few seconds at PyConAU2019 so I thought I’d do some more searching.