
yet another bugfix

3:24pm on Apr 10, 2014

Another bugfix for s3cmd.

bugfixin

10:37am on Mar 25, 2014

Bugfix for s3cmd - some issues with command-line arguments not working when I needed them to.

RSS alert feed bot

5:28pm on Mar 11, 2014

Today I created a program to pull data from the RSS feeds our service vendors use for alerts, and either log it, email it, or instant message it (we use HipChat) to various support groups.

And I open sourced it on GitHub. Enjoy!

rom

10:16pm on Feb 27, 2014

More Python 3.3 porting, this time an interesting Redis ORM.

EDIT: Changed my mind, someone else has started a 3.3 port which looks like a way better method: mayfield/rom.

slow as molasses

1:43pm on Feb 27, 2014

Nearly 2 years to the day after I submitted this issue with the 'draw9patch' tool in the Android SDK to Google, the issue is still open.

I only mention this because it seems the owner of the ticket has changed today.

Way to go, Google.

MySQL to PostgreSQL data

4:19pm on Feb 11, 2014

I'm trying to pitch changing to PostgreSQL at work, so I had to figure this out today.

To export:

for i in table1 table2 ; do
  mysql --batch -e "SELECT * FROM $i" > "$i.csv"
done

To import:

for f in *.csv; do
  TABLE=${f%.*}
  # Skip the header row, then clean up the escaped dump before loading it
  tail -n +2 "$f" | \
  sed -e 's/\r/\\r/g' \
      -e 's/\\0//g' \
      -e 's/0000-00-00 00:00:00/NULL/g' | \
  iconv -t "utf-8" -f "utf-8" -c | \
  psql -c "COPY \"$TABLE\" FROM stdin WITH NULL 'NULL'"
done

Note the sed command to remove backslash-zero - as this is an escaped dump, that will be converted into a null character, which is not allowed in a string. Also one row I saw had the "zero date" shown there - pretty sure this date never happened, so I'm calling it 'NULL'.

openswan sucks

4:33pm on Jan 09, 2014

Right, so in the previous article I set up an IPsec VPN between Openswan and OpenBSD's PF. The issue with it is that any time the OpenBSD end restarted, the Openswan end had no idea this had occurred, and quit working with no notification of any sort. And just running "ipsec auto --down $conn; ipsec auto --up $conn" didn't work; it actually created an additional flow and SAD on the OpenBSD side, and the tunnel wouldn't become active.

So I'm going old-school. I'm going to write a stupid hacky script to ping the OpenBSD internal endpoint from the Openswan box, and when it goes unresponsive, run "ipsec auto --replace $conn && ipsec auto --up $conn" to bring the tunnel back up.

See? Openswan sucks.

Feel free, by the way, to prove otherwise.
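A sketch of the ping watchdog described above, as an added example and not the author's actual script. It goes slightly beyond the post by requiring several consecutive failed pings before replacing the conn. PEER_IP, MAX_FAILS, STATE_FILE, the function names and the "watchdog.sh" file name are hypothetical; CONN defaults to the "Office" conn used elsewhere on this page.

```sh
#!/bin/sh
# Added example: ping-based watchdog for the Openswan end of the tunnel.
# Hypothetical names/values (not from the post): PEER_IP, MAX_FAILS,
# STATE_FILE, and the function names. CONN defaults to the "Office" conn.
CONN="${CONN:-Office}"
PEER_IP="${PEER_IP:-192.168.1.1}"   # constructed: OpenBSD internal address
MAX_FAILS="${MAX_FAILS:-3}"         # consecutive failed probes before acting
STATE_FILE="${STATE_FILE:-/var/run/ipsec-watchdog.state}"

log() { logger -t ipsec-watchdog "$*" 2>/dev/null || echo "ipsec-watchdog: $*" >&2; }

# Kept as functions so the probe and the restart can be stubbed for a dry run.
probe_peer()     { ping -c 1 -W 2 "$PEER_IP" >/dev/null 2>&1; }
restart_tunnel() { ipsec auto --replace "$CONN" && ipsec auto --up "$CONN"; }

# One pass, meant to be run from cron every minute.
# Returns: 0 peer answered, 1 probe failed but under threshold,
#          2 tunnel replaced and brought up, 3 restart command failed.
watchdog_pass() {
    fails=0
    if [ -r "$STATE_FILE" ]; then read -r fails < "$STATE_FILE" || true; fi
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt counter

    if probe_peer; then
        echo 0 > "$STATE_FILE"
        return 0
    fi

    fails=$((fails + 1))
    if [ "$fails" -lt "$MAX_FAILS" ]; then
        echo "$fails" > "$STATE_FILE"   # one lost ping should not bounce the tunnel
        return 1
    fi

    log "$PEER_IP unreachable $fails times in a row, replacing conn $CONN"
    echo 0 > "$STATE_FILE"              # give the new tunnel a full grace period
    if restart_tunnel; then return 2; fi
    log "ipsec auto --replace/--up failed for conn $CONN"
    return 3
}

# Only act when invoked as: watchdog.sh run
if [ "${1:-}" = "run" ]; then watchdog_pass; fi
```

Setting MAX_FAILS=1 gives the behaviour exactly as the post describes it: the first unanswered ping triggers the replace and up.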

OpenBSD VPN to Linux in an Amazon VPC

4:31pm on Jan 07, 2014

This article is a great start on how to connect two VPCs using Linux and OpenSWAN. I followed it, but then I also needed to connect my OpenBSD office router. Set up the VPC side the same way (except for the changes below).

Addresses

  • Office router external address: 1.2.3.4
  • Office internal subnet: 192.168.1.0/24
  • VPC gateway instance address: 5.6.7.8
  • AWS VPC subnet: 10.1.0.0/24

OpenBSD /etc/ipsec.conf:

ike esp from 10.1.0.0/24 to 192.168.1.0/24 \
    local 1.2.3.4 peer 5.6.7.8 \
    main auth hmac-sha1 enc aes group modp1024 \
    quick auth hmac-sha1 enc aes group modp1024 \
    srcid 1.2.3.4 \
    psk "monkeys" \
    tag amazon-vpc

OpenBSD /etc/pf.conf:

TcpState="flags S/SA modulate state"
UdpState="keep state"

table <amazon_vpn> const { 5.6.7.8 }
table <our_vpns> const { 10.1.0.0/24 }

set skip on enc0

match out on vr1 from any to <our_vpns> received-on vr2 tag EGRESS nat-to (vr1:0)

pass out on vr1 inet proto tcp all $TcpState
pass out on vr1 inet proto udp all $UdpState
pass out on vr1 inet proto esp from any to <amazon_vpn>
pass out on vr1 inet proto udp from any to <amazon_vpn> port { 500 4500 } $UdpState

pass in quick on vr1 inet proto esp from <amazon_vpn> to (vr1:0)
pass in quick on vr1 inet proto udp from <amazon_vpn> to (vr1:0) port { 500 4500 } $UdpState
block in log on vr1

Add to OpenBSD /etc/sysctl.conf:

net.inet.ip.forwarding=1

Add to OpenBSD /etc/rc.conf.local:

ipsec=YES
isakmpd_flags="-4 -K"

Linux /etc/ipsec.conf:

conn Office
    type=tunnel
    left=%defaultroute
    leftsubnet=10.1.0.0/24
    leftnexthop=%defaultroute
    leftid=5.6.7.8
    right=1.2.3.4
    rightsubnet=192.168.1.0/24
    keyexchange=ike
    esp=aes128-sha1
    ike=aes128-sha1-modp1024
    auto=start
    auth=esp
    authby=secret
    pfs=yes
    keyingtries=%forever
    rekeymargin=4m
    rekey=yes
    disablearrivalcheck=no
    aggrmode=no

Linux /etc/ipsec.secrets:

5.6.7.8 1.2.3.4: PSK "monkeys"

Google you little...

9:16pm on Oct 28, 2013

I see the Google Plus article format returned by their Python API has changed again. You will note the sidebar over on the right there only shows images and no articles now. I'm getting really tired of fixing this every month.

Probably I'll just not bother soon, and remove that whole sidebar altogether.

phones, again

4:13pm on Jul 09, 2013

Phone #4 had a broken USB port over the weekend.

Phone #5 arrived new-in-box - this is a nice change. I'm tired of doing this.
