So I’m messing around with a DictWriter and was trying to use the typical “with” syntax I use with short-lived things in python… and got this error:
Error: DictWriter instance has no attribute '__exit__'
Turns out, that’s not really a thing, and I should have followed the example. Don’t judge me please for using Py2, Splunk hasn’t caught up (yet).
[Read More]It’s been pretty smooth after upgrading to catalina, but I got this error when trying to run git this morning…
xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun at: /Library/Developer/CommandLineTools/usr/bin/xcrun
Easily fixed…
xcode-select --install
Let it do the thing and you’ll be back in business.
Updates:
export BASH_SILENCE_DEPRECATION_WARNING=1 to ~/.bash_profile)The 87th annual purplecon was delightful and fun. Eschewing the typical black hoodies and replacing them with sparkles was an amazing choice and drove the friendly, welcoming feel of the entire con.
All talks were required to be:
Which means they’re not just stunt hacking or dropping 0-days - they’re designed to improve the state of the art. The “great archive” is going to be a text archive summary of the talks, so…
[Read More]So… I kept getting a message like this every. single. time. I. used. sudo.
Subject: *** SECURITY information for server.domain.example.com ***
Message: server.domain.example.com : Oct 19 14:17:50 : yaleman : problem with defaults entries ; TTY=pts/0 ; PWD=/home/yaleman ; USER=root ;
Doing some searching, it turns out it’s some issue with local accounts and an interaction between sudo and sssd where defaults aren’t being presented to sssd from FreeIPA/LDAP. It’s more a warning than a bug, but it’s freaking annoying.
Sometimes on Linux hosts, CrowdStrike has a bit of a weird issue with filling up /opt/CrowdStrike with old versions. The fix they gave us was… a bit special, so I came up with my own.
sudo find /opt/CrowdStrike -type f -name "KernelModuleArchive*" -not -wholename "$(readlink -f /opt/CrowdStrike/KernelModuleArchive)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcond*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcond)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falconctl*" -not -wholename "$(readlink -f /opt/CrowdStrike/falconctl)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcon-sensor*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcon-sensor)" -exec rm "{}" \;
For each of the different file types it makes, there’s a “versioned” file, such as falcon-sensor7303 which is symlinked as /opt/CrowdStrike/falcon-sensor. When the “real” files update to new versions, they don’t clean themselves up. The above four lines looks for the “bad” files and filters out the existing “current” file using readlink to identify the canonical destination of the symlink.
Turns out, reading the manual in full is handy. If you’re wondering why your Segway Ninebot Kickscooter MAX is beeping constantly, it’s because you have to activate it.
Open the app, connect via Bluetooth and then click the little gear icon. Click “Activate” and then hit yes. It should make one more long beep and shut up after that.
They also limit the speed on the device until you’ve activated it, which makes sense, I guess?
[Read More]Yesterday I had a solar system and storage battery installed into my house. As part of that, inspired by Jon Oxer’s great SuperHouse series, I had the electrician install some high current relays for me to control the hot water system.
My plan has two intended control options:
K3 is a Finder “Digital Astro Time Switch” with NFC connection support (12.81.8.230.0000).
This Comic from the Google Comic Factory is a great “starter” introduction to machine learning, its applications and methods. Well worth a read!
Xavier Mertens’ new post on the ISC Blog about blocking DNS over HTTPS with BIND RPZ was posted today, and it provides some really useful and actionable information on how to do it. BIND RPZs are a very useful tool for whole-of-network security actions.
And before you reach for your angry typing keyboard, yes - DoH is a great idea - until you want to be able to take the skills and tools of your corporate security team to secure them and respond to threats and incidents. :)
[Read More]I uploaded a bunch of files to an s3 bucket, then needed to update the permissions.
aws s3 ls --profile <profile> --recursive s3://<bucket> | awk '{print $NF}' \
| xargs -I{} -n1 aws s3api put-object-acl --profile <profile> --acl public-read --bucket <bucket> --key {}
There’s two replacements in the above code you need to make:
~/.aws/credentialsThere’s a better explanation here, in the AWS support documentation
[Read More]