DIY bed head

I bought an IKEA bed without a head when I first moved in nearly four years ago, and I finally got around to dealing with it this past weekend. The general idea was to have something that kept my head away from the wall when it was cold, and not look too ugly. Simple, right?

I started by grabbing some material from Spotlight, the local “big box” fabric store. Padding wasn’t cheap, so a cheap(ish) camping mat from BCF was purchased, and some 2.4m lengths of “non structural pine” as well. These were the cheapest part of the whole thing at $2.88 each. I already had the uprights from a previous job, being some nice-ish 2x4" pine.

[Read More]

Auckland, Part One

RMB had been on her amazing South America trip for a few months and I wanted to see some shows in the Pop Up Globe where my friend Chantelle’s been doing some incredible work. These two things came together at the same time, so I toddled off to Auckland for a few days, then onto the cruise ship to come home via Sydney.

What a start to the trip! I misread my flight time and barely scraped into check-in by a few minutes; thankfully I’m paranoid about getting there early and had built in leeway. Between leaving home and landing in Auckland, my iPhone decided to do a weird battery thing so I ended up with ~10% battery upon landing. That was even after plugging it in to charge through the whole flight - the weird in-seat charger kept turning it on, which didn’t help. Customs and baggage collection was a breeze, and then I tried to buy a SIM for my 3G hotspot, but tried two different companies’ offerings before giving up.

[Read More]

Learning pillow

Recently I was playing with date formatting in Python and wrote a little script which takes a JSON object full of upcoming dates, then shows a countdown.

Running this in the terminal is easy, but I wanted a simple way to see the information without having to do that. I could have written a macOS app to add to the UI at some point, but Swift is still a mess and I’m not going to go learn Objective-C just for this one. I had used PIL (more specifically Pillow, the working rewrite) in the past through some other work, but figured it would be handy to learn it.

[Read More]

Make Blue Great Again

I get it, I really do. Red team engagements are amazing and they’re a great way to identify problems in our environments. They’re really cool to talk about to your CEO buddies, and while you pay the bill you get to imagine a crack military-style force attacking your perimeter and attempting to breach your defences. They’re the cool thing that every security guy wants to do, because Blue’s the boring one, right?

[Read More]

Docker Networking Issue

So I kept having issues with connectivity in the docker system I run on my laptop. Couldn’t get it to pull images, build or whatever I needed to do.

$ docker build .
Sending build context to Docker daemon 13.61 MB
Step 1/9 : FROM ubuntu:latest
Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on 192.168.88.1:53: read udp 10.0.2.15:60485->192.168.88.1:53: i/o timeout

Turns out my docker machine was a bit special - probably because I hop between different networks fairly regularly.

[Read More]

ASA certificates and OpenSSL

While messing with a Cisco ASA, I needed to pull a certificate out of the config. While trying to parse it with openssl, it wasn’t pleased with the PKCS12 format file it claims to have exported:

139708630054816:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:\
   wrong tag:tasn_dec.c:1319:
139708630054816:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:\
   nested asn1 error:tasn_dec.c:381:Type=PKCS12

Even Windows wouldn’t have a bar of it, which is unsurprising. Its certificate handling’s for shit anyway. I found the answer here on Stack Overflow (of course): OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx.

[Read More]

Are You Secure?

I was commenting on the seeming madness and complexity of our work firewall design recently:

We just drew a network diagram on the wall of just our firewalls, 12’ wide, 6’ tall… at the end, I jumped up and yelled “THE ARISTOCRATS”. Seemed required.

And someone asked “are you secure?”. Now, I could go with what we tell management - that we’re as secure as budgets allow - or a variety of other answers. This time, full objective honesty seemed to rule.

[Read More]

Filename wrangling fun

I learnt some new things today about how to deal with filenames in bash.

$ touch foo
$ ls foo*
foo
$ mv foo{,z}
$ ls foo*
fooz

Alternatively…

$ touch foo{1,2,3}
$ ls foo*
foo1 foo2 foo3
$ find . -name "foo*" -exec mv {}{,old} \;
$ ls foo*
foo1old	foo2old	foo3old

Silliness, I know. But handy when you want to rename a bunch of things, or just rename one without messing it up.

[Read More]

Loopback swap files

Setting up a loopback swap file is something I do fairly commonly on my virtual servers - RAM costs extra money - whereas SSD storage is common and included! Repartitioning’s too much messing around on DigitalOcean, so I set up a loopback file and it just works.

Here are the commands to make a 2GB file (change count for different sizes):

yaleman@server:~# sudo dd if=/dev/zero of=/swap.img bs=1024 count=2097152
2097152+0 records in
2097152+0 records out
2147483648 bytes (2.1 GB) copied, 9.69851 s, 221 MB/s
yaleman@server:~# sudo chmod 0600 /swap.img
yaleman@server:~# sudo mkswap /swap.img
Setting up swapspace version 1, size = 2097148 KiB
no label, UUID=a78f6315-aba5-4d88-bb67-211f1a0c5e56

Edit the filesystem table:

[Read More]

CAPSMAN info dump

I was asked by a friend to give a quick rundown on Mikrotik CAPSMAN configuration, so I dumped the config and added some notes. :)

Packages

I’m currently running v6.38 but was running about v6.2 only a week or so ago - make sure you have the “wireless” package enabled. Older RouterOS versions required the capsman-v2 package, which is now deprecated.

  > /sys package print
  Flags: X - disabled
   #   NAME                   VERSION
   0   routeros-mipsbe        6.38
   1   system                 6.38
   2   ipv6                   6.38
   3   wireless               6.38

If there was an X, enable it (in this example /sys package enable 3) - remember you’ll need to reboot after enabling a package.

[Read More]