Category Archives: System Administration

The Dirty Little Secret About SSL Certificates

The dirty little secret about SSL certificates is that:

Anyone can become a certificate authority.

The tools to become a certificate authority, and therefore to publish your own SSL certificates, are included in a wide variety of systems – chances are if you have an Ubuntu or CentOS install you already have the capability of becoming an SSL certificate authority via OpenSSL.

Zalman ZM-VE200 Review – You Need This External Hard Drive Enclosure

Fellow tech friends, I have a find for you. If you have a job, or hobby, or whatever where you find yourself meddling with a bunch of .iso files, whether to boot off of them or just to access the data on them, then I have the device for you. It all started after I backed the Kickstarter project for the isostick. Having never heard of a device before that would accept .iso images on a filesystem and then present them to the computer as a disc drive, I thought this was (and is) a pretty cool idea. When browsing through the comments, I saw folks mentioning that this is just like the Zalman ZM-VE200 external hard drive enclosure. So of course I decided to do some research on this newly discovered gadget.

Overview

The Zalman ZM-VE200 at its core is an external SATA hard drive enclosure. These have been….

What a Resilver Looks Like in ZFS (and a Bug and/or Feature)

At home I have an (admittedly small) ZFS array set up to experiment with this neat newish RAID technology. I think it has been around long enough that it can be used in production, but I’m still getting used to the little bugs/features, and here is one that I just found.

After figuring out that I had 2 out of 3 of my 1TB Seagate Barracuda hard drives fail, I had to give the array up for a loss and test out my backup strategy. Fortunately it worked and there was no data loss. After receiving the replacement drives in from RMA, I rebuilt the ZFS array (using raidz again) and went along my merry way. After 6 months or so, I started getting some funky results from my other drive. Thinking it might have some issue as with the others, I removed the drive and ran Seatools on it (by the way, Seatools doesn’t offer a 64-bit Windows version – what year is this?).

The drive didn’t show any signs of failure, so I decided to wipe it and add it back into the array to see what happens. That, of course, is easier said than done.

Disabling The hald-addon-storage Service On CentOS/RedHat

The hald – Hardware Access Layer Daemon – runs several processes in order to keep track of what hardware is installed on your system. This includes polling USB drives and ‘hot-swap’ devices to check for changes, along with a host of other tasks. You might see it running on your system as follows:

    2474 ?        S      0:00  \_ hald-runner
    2481 ?        S      0:00      \_ hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
    2487 ?        S      0:00      \_ hald-addon-keyboard: listening on /dev/input/event0
    2495 ?        S     41:47      \_ hald-addon-storage: polling /dev/hdc

If your system is static and the devices do not change, you can actually disable this service using a policy entry. Create a file in your policy directory, for example /etc/hal/fdi/policy/99-custom.fdi. Add the text:

    <?xml version="1.0" encoding="UTF-8"?>….

Adding Random Quotes to the Bash Login Screen

According to “official” system administrator rules and guidelines you shouldn’t be adding so-called vain scripts to the login prompt – only utilities that will add something useful to the system (for example, current system load, memory and disk usage, etc). However I have some systems that I frequently connect to and thought it would be neat to add a random quote script to my bash login. That being said, this should only be done on ‘non-production’ systems and adds a security vector so please be careful where you use this. The goal of this is to add a little quote, at random, every time you log into your system. My thoughts were to do it not only as a little source of inspiration but also to add perspective to what I’m doing sitting in front of the computer all of the time. Originally I was going to try to write….

Firesheep Should Be A Call To Arms For System, Network & Web Admins

Firesheep by Eric Butler has just been released to the world. This Firefox plugin does a few things that have already been fairly easy to do for a while, but rolled up in one easy-to-use package:

  1. Sniffs data on unencrypted Wireless Networks
  2. Looks for unencrypted login cookies sent to known popular insecure sites
  3. Allows you to log in to that account with ‘One Click’

So what sites are impacted by default? Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, and Yelp, to name a few. A plugin system allows anyone to add their own sites (and cookie styles) to the plugin.

Yikes! It goes without saying that this is a major security problem for anyone who uses unencrypted wireless networks. Included on this list are many universities and companies such as Starbucks.

Fixing ip_conntrack Bottlenecks: The Tale Of The DNS Server With Many Tiny Connections

I manage a server which has a sole purpose: serving DNS requests. We use PowerDNS, which has been great. It is a DNS server whose backend is SQL, making administration of large numbers of records very easy. It is also fast, easy to use, open source and did I mention it is free?

The server has been humming along for years now. The traffic graphs don’t show a lot of data moving through it because it only serves DNS requests (plus MySQL replication) in the form of tiny UDP packets.

Read on to follow my story of how I fixed this tricky problem. No kittens were harmed in the writing of this post.