Author: brian

Categories
Uncategorized

An almost Shakespearean situation

I just serve to repost Economist articles perhaps. Here’s one about the recent amazing cabinet meeting, comparisons to King Leer, and how this really is so pathetic compared to Shakespearean tragedy. Nice quote at the end:

The fact that Mr Trump is a smaller, shallower figure than most Shakespearean heroes (or villains, come to that) makes the craven behaviour of his cabinet secretaries and other Republican enablers even harder to explain. Unlike courtiers in a Jacobean tragedy, they risk neither execution nor banishment. No invading army or witches’ curse impels so many members of Team Trump to sell their reputations and dignity cheap: merely ambition, and the comforting fiction that they are indispensable. Serving Mr Trump is a modest test of character, by Shakespearean standards. It is one which too many underlings are failing.

Categories
Uncategorized

Horses

I just find this quote interesting – horses used to be much more respected and appreciated. After the Battle of Waterloo some survivor horses were brought to retirement and the king’s surgeon saw this:

“One morning…the surgeon saw the 12 horses form a line, shoulder to shoulder, then, without a cue, charge forward at a gallop. After a few strides they spun and retreated as formally as in a drill.” Each day, he watched as “his old cavalry horses, flecked white where their coats had grown back over their scars, enacted this enigmatic ritual and went to war together once more in the cool green parkland of the Home Counties.”

From the Economist article about 2 horse books which is an interesting read as well. We toss many a thing off. The article even gets a quick in if, with AI/robots, we’re now making ourselves as obsolete as we made horses.

 

Categories
BSD/Linux Computer Tech

ZFS fix with Debian upgrade

Somehow a Debian update broke bfs and I was getting this issue:

The ZFS modules are not loaded.
Try running '/sbin/modprobe zfs' as root to load them.

To reinstall ZFS this worked for me – a compilation of many suggestions so not sure all were necessary but it worked:

apt-get clean
apt-get update
apt-get purge zfs*   --get rid of everything ZFS
apt-get remove spl dkms spl-dkms  --get rid of more ZFS
apt-get autoremove
apt-get install -t jessie-backports zfsutils-linux  --change to whatever your distribution uses

--these commands recompile the libraries if they are still having issues
dkms remove -m zfs -v 0.6.5.9 --all
dkms remove -m spl -v 0.6.5.9 --all
dkms add -m spl -v 0.6.5.9
dkms add -m zfs -v 0.6.5.9
dkms install -m spl -v 0.6.5.9
dkms install -m zfs -v 0.6.5.9
Categories
BSD/Linux Tech

L2TP IPSEC VPN

A couple of handy sites for getting that setup:

Your own IPSEC VPN in about 3 minutes using Digital Ocean

And this debian one for support.

https://wiki.debian.org/HowTo/AndroidVPNServer#L2TP.2FIPSec

Couple of notes that the script didn’t cover:

  • Instead of openswan had to use strongswan.
  • Had to add a shared secret to /etc/ipsec.secrets
  • To use a proxy you just point the proxy to listen on 172.16.1.1 and point the computer to that proxy’s port

The script he had is the key so it’s here for posterity:

apt-get install -y openswan xl2tpd ppp
apt-get install -y lsof

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo "net.ipv4.ip_forward = 1" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" |  tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects = 0" |  tee -a /etc/sysctl.conf
for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done
sysctl -p

echo "for vpn in /proc/sys/net/ipv4/conf/*; do echo 0 > $vpn/accept_redirects; echo 0 > $vpn/send_redirects; done"  |  tee -a /etc/rc.local
echo "iptables --table nat --append POSTROUTING --jump MASQUERADE"  |  tee -a /etc/rc.local

echo "config setup
    dumpdir=/var/run/pluto/
    #in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
    nat_traversal=yes
    #whether to accept/offer to support NAT (NAPT, also known as "IP Masqurade") workaround for IPsec
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v6:fd00::/8,%v6:fe80::/10
    #contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.
    protostack=netkey
    #decide which protocol stack is going to be used.

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    #shared secret. Use rsasig for certificates.
    pfs=no
    #Disable pfs
    auto=add
    #start at boot
    keyingtries=3
    #Only negotiate a conn. 3 times.
    ikelifetime=8h
    keylife=1h
    type=transport
    #because we use l2tp as tunnel protocol
    left=%SERVERIP%
    #fill in server IP above
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any" > /etc/ipsec.conf



    ipsec verify


    echo "[global]
ipsec saref = yes

[lns default]
ip range = 172.16.1.30-172.16.1.100
local ip = 172.16.1.1
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes" > /etc/xl2tpd/xl2tpd.conf

echo "require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
auth
mtu 1200
mru 1000
crtscts
hide-password
modem
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4" > /etc/ppp/options.xl2tpd
echo "# username  l2tpd password  *" >> /etc/ppp/chap-secrets
echo ""
echo ""
echo "To Do:"
echo ""
echo "- Add users: /etc/ppp/chap-secrets"
echo "Restart the software: /etc/init.d/ipsec restart;  /etc/init.d/xl2tpd restart"
Categories
Uncategorized

Website Security Scans

These two sites seem useful for scanning your website’s security. Recommended!

https://www.gravityscan.com
https://www.ssllabs.com/ssltest/

Categories
Art Computer

AI Created Great Color Names

This tumblr is a fine example of a neural network learning how to name colors and other things.

Categories
Art Computer

The Many Neural Grenixes

Klimt Grenix

Kandinsky Grenix

Van Gogh Grenix

Abstract Grenix

Done with mxnet.

Categories
Uncategorized

Economist Alabama article is worth a read

This Economist article about Alabama is fascinating describing that there is a lot of history leading to people’s current concerns there. Actual cases of voter fraud, outright theft of elections, a general distrust of the federal government and oligarchs. Not much has changed since the 1830s and you can see perhaps where folks are coming from.

Categories
BSD/Linux Computer Tech

Updating Tripwire for changes

First, take a look at the report you received or run (and read):

sudo tripwire --check

If everything is OK, run the following command:

sudo tripwire -m u -Z low -r /var/lib/tripwire/report/hostname-timestamp.twr

Categories
BSD/Linux Computer Tech

Find memory info in Ubuntu (all linux?)

I keep looking this up so saving for posterity. This is a good way to get memory info in Ubuntu:

sudo lshw -C memory

This gets all sort of useful info. I needed to get the memory speed since I have too many computers with too many different memory speeds. Doesn’t seem to show that it is ECC memory but I also had to know that. See below for ECC and memory speed.


  *-firmware              
       description: BIOS
       vendor: LENOVO
       physical id: 0
       version: 5JKT50AUS
       date: 09/27/2010
       size: 64KiB
       capacity: 2496KiB
       capabilities: pci upgrade shadowing cdboot bootselect socketedrom edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb biosbootspecification
  *-cache:0
       description: L1 cache
       physical id: 5
       slot: L1-Cache
       size: 32KiB
       capacity: 32KiB
       capabilities: internal write-back unified
       configuration: level=1
  *-cache:1
       description: L2 cache
       physical id: 6
       slot: L2-Cache
       size: 256KiB
       capacity: 256KiB
       capabilities: internal varies unified
       configuration: level=2
  *-cache:2 DISABLED
       description: L3 cache
       physical id: 7
       slot: L3-Cache
       size: 4MiB
       capacity: 4MiB
       capabilities: internal unified
       configuration: level=3
  *-memory
       description: System Memory
       physical id: 2c
       slot: System board or motherboard
       size: 14GiB
     *-bank:0
          description: DIMM DDR3 Synchronous 1066 MHz (0.9 ns)
          product: M391B5673EH1-CH9
          vendor: Samsung
          physical id: 0
          serial: FCBB3D85
          slot: A1_DIMM0
          size: 2GiB
          width: 64 bits
          clock: 1066MHz (0.9ns)
     *-bank:1
          description: DIMM DDR3 Synchronous 1066 MHz (0.9 ns)
          product: 18JSF51272AZ-1G1D1
          vendor: Micron Technology
          physical id: 1
          serial: D7172936
          slot: A1_DIMM1
          size: 4GiB
          width: 64 bits
          clock: 1066MHz (0.9ns)
     *-bank:2
          description: DIMM DDR3 Synchronous 1066 MHz (0.9 ns)
          product: CT51272BA1067.M18F
          vendor: Undefined
          physical id: 2
          serial: 00000000
          slot: A1_DIMM2
          size: 4GiB
          width: 64 bits
          clock: 1066MHz (0.9ns)
     *-bank:3
          description: DIMM DDR3 Synchronous 1066 MHz (0.9 ns)
          product: 18JSF51272AZ-1G1D1
          vendor: Micron Technology
          physical id: 3
          serial: 5DC579DE
          slot: A1_DIMM3
          size: 4GiB
          width: 64 bits
          clock: 1066MHz (0.9ns)

To get ECC and speed use this:


dmidecode --type memory
...
Handle 0x002C, DMI type 16, 15 bytes
Physical Memory Array
	Location: System Board Or Motherboard
	Use: System Memory
	Error Correction Type: Single-bit ECC
	Maximum Capacity: 8 GB
	Error Information Handle: 0x002D
	Number Of Devices: 4
...
Handle 0x0032, DMI type 17, 28 bytes
Memory Device
	Array Handle: 0x002C
	Error Information Handle: 0x0033
	Total Width: 72 bits
	Data Width: 64 bits
	Size: 4096 MB
	Form Factor: DIMM
	Set: None
	Locator: A1_DIMM1
	Bank Locator: A1_BANK1
	Type: DDR3
	Type Detail: Synchronous
	Speed: 1066 MHz
	Manufacturer: Micron Technology
	Serial Number: D7172936  
	Asset Tag: NULL
	Part Number: 18JSF51272AZ-1G1D1
	Rank: 2