yaleman.org

Yesterday we didn’t have any particular plans, just to meet up with people and do all the things, then go to a few get-togethers at night.

We pottered around for the morning and found carb-heavy fuel at Hungry Jack’s to start the day (me being hangry helps nobody!). Meeting up with the Canberra Pokémon crew, we did two Articuno raids and one Lugia. I only caught the Lugia, and it wasn’t particularly special - but who’s to complain I guess? :)

Transit day, going to CBR for a weekend of hanging out with friends. For the first time ever it was cheap enough to make going to Sydney first, then to Canberra worth it (or so we thought).

The first flight wasn’t too bad, somehow QANTAS ignored our seat allocations and split us up, probably due to the fact that we were listed as two independent travellers, not a pair. One day, airline booking systems will make sense - and be usable - their website shows a clear mess of technical debt.

“Grow” the array down to two devices:

$ sudo mdadm --grow /dev/md1 --raid-devices=2 --backup-file /tmp/mdadmbackup
raid_disks for /dev/md1 set to 2

Show the new status:

/dev/md1:
        Version : 1.2
  Creation Time : Fri Sep 16 22:38:10 2011
     Raid Level : raid1
     Array Size : 1953510841 (1863.01 GiB 2000.40 GB)
  Used Dev Size : 1953510841 (1863.01 GiB 2000.40 GB)
   Raid Devices : 2
  Total Devices : 2
    Persistence : Superblock is persistent

    Update Time : Tue Jul  4 18:27:02 2017
          State : clean 
 Active Devices : 2
Working Devices : 2
 Failed Devices : 0
  Spare Devices : 0

           Name : microserver:1  (local to host microserver)
           UUID : e19da472:04736a59:6c1e25ec:c4a60ebe
         Events : 20513

    Number   Major   Minor   RaidDevice State
       3       8       49        0      active sync   /dev/sdd1
       2       8       17        1      active sync   /dev/sdb1

References:

At work we run proxies for filtering malicious traffic and restricting access to unsavoury content - be it pornography or other things outside policy. For a while now we have had an issue where certain Yahoo-run systems will send continual 301 redirects until the browser gives up with an error.

It’s been really annoying to troubleshoot, as it wasn’t quite clear what would trigger it. The normal things like SSL inspection or broken cookies weren’t the cause, and it didn’t seem to be routing or anything else like that. The main time we had seen it was when a user with an iPad tried to access the Yahoo weather app and it wouldn’t work.

I bought an IKEA bed without a head when I first moved in nearly four years ago, and I finally got around to dealing with it this past weekend. The general idea was to have something that kept my head away from the wall when it was cold, and not look too ugly. Simple, right?

I started by grabbing some material from Spotlight, the local “big box” fabric store. Padding wasn’t cheap, so a cheap(ish) camping mat from BCF was purchased, and some 2.4m lengths of “non structural pine” as well. These were the cheapest part of the whole thing at $2.88 each. I already had the uprights from a previous job, being some nice-ish 2x4" pine.

RMB had been on her amazing South America trip for a few months and I wanted to see some shows in the Pop Up Globe where my friend Chantelle’s been doing some incredible work. These two things came together at the same time, so I toddled off to Auckland for a few days, then onto the cruise ship to come home via Sydney.

What a start to the trip! I misread my flight time and barely scraped into check-in by a few minutes, thankfully I’m paranoid about getting there early and had built in lee-way. Between leaving home and landing in Auckland, my iPhone decided to do a weird battery thing so I ended up with ~10% battery upon landing. That was even after plugging it in to charge through the whole flight - the weird in-seat charger kept turning it on, which didn’t help. Customs and baggage collection was a breeze, and then I tried to buy a SIM for my 3G hotspot, but tried two different company’s offerings before giving up.

Recently I was playing with date formatting in python and wrote a little script which takes a json object full of upcoming dates, then shows a count down.

Running this in the terminal is easy, but I wanted a simple way to see the information without having to do that. I could have written a macOS app to add to the UI at some point, but swift is still a mess and I’m not going to go learn ObjectiveC just for this one. I had used PIL (more specifically pillow, the working rewrite) in the past through some other work, but figured it would be handy to learn it.

I get it, I really do. Red team engagements are amazing and they’re a great way to identify problems in our environments. They’re really cool to talk about to your CEO buddies, and while you pay the bill you get to imagine a crack military-style force attacking your perimeter and attempting to breach your defences. They’re the cool thing that every security guy wants to do, because Blue’s the boring one, right?

So I kept having issues with connectivity in the docker system I run on my laptop. Couldn’t get it to pull images, build or whatever I needed to do.

$ docker build .
Sending build context to Docker daemon 13.61 MB
Step 1/9 : FROM ubuntu:latest
Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.88.1:53: read udp 10.0.2.15:60485->192.168.88.1:53: i/o timeout

Turns out my docker machine was a bit special - probably because I hop between different networks fairly regularly.

While messing with a Cisco ASA, I needed to pull a certificate out of the config. While trying to parse it with openssl, it wasn’t pleased with the PKCS12 format file it claims to have exported:

139708630054816:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:\
   wrong tag:tasn_dec.c:1319:
139708630054816:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:\
   nested asn1 error:tasn_dec.c:381:Type=PKCS12

Even windows wouldn’t have a bar of it, which is unsurprising. Its certificate handling’s for shit anyway. I found the answer is here on StackOverflow (of course): OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx .