Monitoring cloudflared for fun and profit

This is a very hacky script for monitoring cloudflared, it requires curl and jq, which I think you should have on there anyway You need the following line in the config.yml file, which sets cloudflared to expose the metrics/monitoring endpoint, or --metrics localhost:40355 on the command line: metrics: localhost:40355 And… here’s the script. TL;DR, it checks the /ready endpoint, which returns {"status":200,"readyConnections":4} on good, or a 503 on not-working. #!/bin/bash SYSTEMD_TOPIC="cloudflared_monitoring" METRICS_PORT="40355" CLOUDFLARED_STATUS="$( curl --silent --max-time 5 "http://localhost:${METRICS_PORT}/ready" | jq -r '. [Read More]

Apple M1, terraform and golang

I was trying to apply a messy terraform config recently and kept running across an issue where the AWS provider would seemingly just get itself hung, using ~150% CPU. Killing it, deleting the terraform.tfstate and init/refresh/apply seemed to make it work sometimes. I thought I was having network connection issues, as it’d hang in random parts of a refresh or something like that. The cause Turns out it’s an issue with Rosetta 2 and golang fighting. [Read More]

Facebook Messenger weirdness on macOS

I’m stuck using Facebook Messenger, and they love trashing system performance in the browser, so I tried the “native” macOS app recently. I’m not sure what I did, but after posting a sick medieval meme, it started reloading itself over and over. Kill, open, repeat - it just hung. Stuck cache? This is starting to turn into a theme… I figured deleting cache things worked last time, let’s try it again… [Read More]

IPA and the Stuck Cache

Went to grab a krb ticket today, and this was a fun error to get. I checked all the usual timestamp things… nothing wrong there. [[email protected] 15:41 ~]$ kinit Password for [email protected]: kinit: Clock skew too great while getting initial credentials It wasn’t happening for anyone else, and it was working earlier, so that’s weird. This was the error in the log files, that someone helpfully grabbed: Dec 10 15:45:08 ipaserver. [Read More]

AWS on Hosting Your Own DNS Services

Having just built a cluster of PowerDNS Authoritative servers in AWS, behind the Global Accelerator product, this AWS Security Blog Post gave me some great confirmation that I did things properly! 🧐 [Read More]

I finally figured out my weird font issues in VS Code

I can’t remember when it started, but it was a while ago - Visual Studio Code started to show very strange font things when I have Editor: Render Whitespace turned on. This should look like… FInding the relevant thing to search for took… far too long. I ended up searching for “dot” and then clicking on random things in the Wikipedia page until I found Interpunct, and the Catalan usage of it… [Read More]

PowerDNS All Data Was Not Consumed Message

This was … annoying today. I’m playing with upgrading a PowerDNS instance and started getting All data was not consumed when doing queries against particular zones. Turns out, it was the space at the end of the SOA record, somehow something was adding that in… # pdnsutil check-zone example.com [Error] Following record had a problem: "example.com IN SOA ns1.example.net dns.example.net 2020092142 3600 7200 3600000 172800 " [Error] Error was: All data was not consumed Checked 26 records of 'example. [Read More]

Battery Equivalence...

This was oddly hard to find… The Energizer A544 is equivalent to the 4LR44, a 6 volt battery - which my Merlin garage door opener uses. It also replaces the 6V PX28A. [Read More]

Raspberry Pi USB Boot 'USB-MSD Boot Requires Newer Software'

I was getting this error when trying to boot my Raspi4 8GB from USB: USB-MSD boot requires newer software The fix is to grab the latest firmware from the raspberrypi/firmware repository like so: git clone --depth 1 https://github.com/raspberrypi/firmware cd firmware/boot Mount the USB boot drive on my mac cp -R * /Volumes/boot Unmount the drive and put it into the Pi This’ll copy the latest firmware (don’t delete any other files) and it should work. [Read More]

ManageEngine Password Manager Pro Parameter Error

If you start getting an error like this, you need to update the SSL certificate on your SAML server ;) It’ll show up in $installdir\logs\security-log-0.txt. [10:52:00:698]|[06-18-2020]|[com.adventnet.iam.security.URLRule]|[WARNING]|[77]: Extra parameter found: the parameter Map : {[SigAlg = http://www.w3.org/2000/09/xmldsig#rsa-sha1][Signature = Tn+28vsQB9fXiL2SwGShT4gGwyNhDUbWWLPM1SZjc/K2M6xuwAS+zEL8fdDU9/XzAVvnRhrK4SRDitCWjCBwAUMiHLYONjMz6jNRs5HqjwFUCEk8slFlvup0oER2vq4w5BfbXBt7VKku85xOWqu7gHHAr9Xkhtlx8i/Xdmw0S4r/66V+bMHHKUm3dc/bJ/dEF8KOFdseSwNF2gDhiTX2iMyhIsrZeifjp5O/WpJJdi80WbX50kQrkGOJa17Pbvi9o9yoFBLtHDvyp2AfUXghW6kuA8d0unvBmo5dqr8kwTkungs/+IExBHbGIP8M/gKvAcUKgleP/99jXUxjct6GCw==]} for the URI : (/STATE_ID/[0-9]+)?/saml2| [Read More]