Below you will find pages that utilize the taxonomy term “Misc”
Trump
Trump owes millions to state-owned bank in China https://www.salon.com/2020/04/24/newly-revealed-financial-records-show-trump-owes-millions-to-state-owned-bank-in-china-report/
trump will rip off anyone even if he says he’ll pay https://www.independent.co.uk/news/world/americas/i-sold-trump-100000-worth-of-pianos-then-he-stiffed-me-a7335951.html
Pinterest invades google
Pinterest is awful.
This has been growing for years. Here is the typical situation, which I think more people run into than you think: you are looking for an image on Google image search, find what you are looking for by thumbnail, and click through, only to be taken to pinterest.com. Once you land there, you do not see any fragment of what you came for. Instead, you are confronted with a sign-up page.
bash
I have been a bash hacker since I started with computers. That being said, I probably have some old habits on this page. This page primarily serves as short snippets of bash recipes I often want to re-use.
A lot of this bash is old and wrong, because I learned bash so long ago (1998?). Refer to http://mywiki.wooledge.org/BashGuide for proper rules.
Simple Logging Redirect
If you have a bash script you wish to add logging to, a simple approach is to use exec and redirect the output to a file.
why use the go programming language?
I have been a go programmer since before go 1.0 was released; I think that brings me back to beginning writing go code around 2011. As an exercise I wrote a simple daemon to handle some backend work where concurrency was key and have enjoyed developing it for quite some time. It replaced a python process where many actors needed to operate on a workqueue. This daemon is actually still in production today =P
random musings
Would you rather fight 100 duck sized horses or one horse sized duck?
Bill Murray weighs in https://www.youtube.com/watch?v=THUGHEJjjGc
interesting tech
Aug 2024
- process-compose - docker-compose but for processes see https://github.com/F1bonacc1/process-compose
Feb 2019
Link | Description |
---|---|
https://landscape.cncf.io/ | the CNCF landscape makes me want to cry |
Jan 2018
Link | Description |
---|---|
https://github.com/lewish/asciiflow2 and http://asciiflow.com/ | ascii art draw tool. |
https://github.com/benhoyt/goawk | awk fully implemented in go and passes 'the awk test' |
Oct 2016
gmx - similar to jmx but for go https://github.com/davecheney/gmx
golang FAQ
Sections
Network programming in Go
http://whispering-gophers.appspot.com/talk.slide#1
installing golang tools
is there any way i could install my go binaries wherever i want using go tools?
answer
typical solution is to install tools in a different GOPATH
export GOPATH="$HOME/go"
export PATH="$GOPATH/bin:$PATH"
go get -u golang.org/x/tools/cmd/goimports
The only portion you should add to your shell environment (i.e. ~/.bash_profile) is the PATH portion. As a security measure, do not export GOPATH by default. Any remote shell exploit could in theory instruct the go tool to install and run arbitrary code!
hitler uses docker
video
https://www.youtube.com/watch?v=PivpCKEiQOQ
transcript
-------------------------------
we pushed the images to dockerhub, then used docker-compose to deploy to the cluster
we mounted data volumes on these nodes
and linked app container here
finally we've updated the DNS records
hitler: so we're running 20 containers on every node now. when can we get rid of the excess servers?
mein fuhrer...
the kernel...
A 3rd party container caused a panic...
we've lost 70% of the cluster and the data volumes
.... hitler loses his shit ....
hitler: if you never used docker in production, leave the room now
hitler: isolation my ass!
hitler: what were you thinking?
hitler: who the hell uses public containers from docker hub?
hitler: for all you know they were made by russian hackers!
hitler: you might as well use `curl | sudo bash`
hitler: you think everything in public repo is secure because it's OSS?
hitler: you're a bunch of node.js hipsters that just HAVE to install everything you read on hacker news!
but docker allows us to run our applications anywhere!
hitler: you use a VM just to run docker on your laptop!
mein fuhrer, docker-machine uses a lightweight VM!
hitler: do you hear yourself? why do we need docker if we're running a VM?
hitler: a container inside a container!!!
hitler: you archived a whole linux O/S then used CoW storage because it's too big
hitler: Just so you can deploy a 10MB go Binary!
hitler: Don't even talk to me about resource constraints
hitler: all that cgroups black magic and it still can't stop a simple fork bomb!
hitler: and if the database needs all the resources on the server, how exactly will docker allow you to run more programs on it?
hitler: before docker, I just picked the right size VMs.
hitler: Suddenly people talk to me about datacenter efficiency and "hyperconvergence"
hitler: everybody thinks they're google!
hitler: you don't even run your own machines anymore!
hitler: people run docker on GCE, in VM instances that run in linux containers on Borg!
hitler: people even think docker is configuration management
hitler: they think docker solves everything!
hitler: even microsoft has containers now
hitler: i'm moving everyone to windows!
don't cry, you can run bash on windows 10 now
hitler: docker is supposed to have better performance
hitler: yet that fucker userland proxy is slower than a 28.8k modem
hitler: and for what
hitler: just bind on port 0
hitler: even enterprises want to run docker now and they still have red hat 5 installed
hitler: you idiots think docker will help your application scale
hitler: use openstack for all I care
enlightenment
Update: August 2019
I have switched to i3wm (for some time now) exclusively due to its speed and light weight. I’ll have to write a post about that experience some time.
e20
enlightenment has been my window manager of choice for a very long time mainly because of its speed. I used to run window maker and then fluxbox before I made the switch to enlightenment (0.16 at the time iirc).
keybase
my keybase profile is https://keybase.io/sigmonsays
keybase proof for this site here https://sigmonsays.github.io/keybase.txt
my public key can be downloaded from https://keybase.io/sigmonsays/key.asc or copied and pasted below:
convenient cli toolkit using python
python is an incredibly useful language and has a powerful type system which can be pretty convenient. I’ve written python for many years now and when I need a quick tool, most of the time I write it in python.
These tools have built up over time and I’ve been collecting them organically into a python startup file as a set of libraries and functions.
create a file in $HOME/.pythonstartup and cherry pick anything below that you find useful.
Google Owned
Ever think about how much information google has collected about you?
Apart from services there are additional things going on that you might not be aware of
Data Collection
Data collected is often uploaded to google servers
- IMEI, hardware serial number, Wifi MAC address
- AndroidID, Google Ad ID
go powered databases
- bolt - https://github.com/boltdb/bolt
- ledis - http://ledisdb.com/
- tiedot - https://github.com/HouzuoGuo/tiedot
- cockroachdb - https://github.com/cockroachdb/cockroach
bolt
pure go key-value datastore
ledis
redis like database written in go
attractive to embed redis like features directly into your application which will reduce operational complexity.
tiedot
JSON document database
cockroachdb
A Scalable, Geo-Replicated, Transactional Datastore
design document https://docs.google.com/document/d/11k2EmhLGSbViBvi6_zFEiKzuXxYF49ZuuDJLe6O8gBU/edit
feature summary
- ACID transactional semantics
- versioned values
- primary design goal is consistency and survivability
- aims to tolerate disk, server, rack and datacenter failures
related technologies
ban systemd
updates
- Nov 2014 - an exploit in systemd resolver - https://news.ycombinator.com/item?id=8595335
  - Just another reason to do one thing well and not try to do too much. C’mon systemd, focus.
  - Please help me understand why an init.d replacement needs to provide a resolver.
  - some gems from this thread
    - “I find the design of systemd-resolved to be very strange. It uses dbus to talk to glibc, and it seems to be a new, from-scratch implementation of a DNS resolver. To be clear, I don’t really think it matters whether systemd-resolved is under the systemd umbrella, but I do think that the design has a lot of unnecessary NIH syndrome.”
    - “This is a perfect example of why the systemd approach of putting a bunch of disparate components under a single tightly-coupled umbrella is bad engineering.”
    - “It’s mind blowing to realize that because of the init system we have on our system we are now vulnerable to DNS poisoning.”
  - anyways, give the thread a read and see for yourself how systemd should be abandoned
- website which describes a lot of good points - http://boycottsystemd.org/
firewall
Just a nasty little adhoc firewall script I use to quickly secure a box for any ports it has open.
Only specific networks are allowed.
#!/bin/bash
#set -x

# Quick and dirty iptables firewall
# We want to drop traffic for any open port if it's not in the allowed list of IP addresses
# Note: iptables only filters IPv4; these rules do not touch IPv6 traffic.

# Start from an empty INPUT chain with permissive default policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F INPUT
#iptables -F FORWARD
#iptables -F OUTPUT

# Drop comment lines and blank lines, keep only the first column
function clean_networks {
    grep -v '^#' | awk '{print $1}' | grep -v '^$'
}

function list_allowed_networks {
    # the 1918 subnets
    cat << EOF | clean_networks
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
EOF
    cat << EOF | clean_networks
10.0.0.0/8
127.0.0.0/8
EOF
}

# Print the port of every listening TCP socket.
# The port is the last colon-separated field, whatever the address looks like.
function list_open_ports {
    # ipv4
    netstat -lntu | awk '/^tcp / {print $4}' | awk -F: '{print $NF}'
    # ipv6
    netstat -lntu | awk '/^tcp6 / {print $4}' | awk -F: '{print $NF}'
}

function list_ports {
    # Always include ssh; sort -un removes ports listed for both ipv4 and ipv6
    { list_open_ports; echo 22; } | sort -un
}

function list_networks {
    {
        list_allowed_networks
        # Optional site-specific list; filter it the same way so comments
        # and blank lines never reach iptables
        if [ -f /etc/firewall/networks.list ] ; then
            clean_networks < /etc/firewall/networks.list
        fi
        # All local addresses
        ip addr | awk -F'[ /]+' '/inet / {print $3}'
        # Let all your connected subnets in..
        # ip addr | awk '/inet / {print $2}'
    } | sort -u   # the built-in lists overlap, so de-duplicate
}

function prepare_iptables {
    # Create drop logged chain
    if ! iptables -n -L drop_logged >/dev/null 2>&1 ; then
        iptables -N drop_logged
    fi
    iptables -F drop_logged
    iptables -A drop_logged -j LOG --log-prefix "iptables-dropped: " --log-level 4
    iptables -A drop_logged -j DROP
}

#
# Begin building the firewall
#
prepare_iptables

# Accept everything from the allowed networks first ...
list_networks | while read -r N
do
    echo "network $N"
    iptables -A INPUT -s "$N" -j ACCEPT
done

# ... then log and drop anything else that reaches a listening port
list_ports | while read -r P
do
    echo "securing port $P"
    iptables -A INPUT -p tcp --dport "$P" -j drop_logged
done
building packages with docker
This is a simple idea I had while waiting for a build to complete.
The background
It's common to use dpkg-buildpackage inside of a chroot managed by pdebuild. The pdebuild script takes a minimal base image tarball and installs all dependencies in it required to build your package.
The build dependencies come from debian/control Build-Depends section. The package being built is a python application using virtualenv. A lot of the packages come from apt however. There is a bunch of python pip/easy install work performed too.
docker wishlist
things I find that I wish docker supported
dockerfile
- store build context with the image
  - provides ability to change original dockerfile for images you download
  - saves dockerfile and other build artifacts
  - similar in concept to a “source package”
- support for variables
There is very little that the dockerfile actually supports beyond basic static directives.
If dockerfile supported templates and variables, we could allow repetitive lines to be reduced to the bare minimum. This would allow snippets like this to be greatly reduced. We shouldn’t have to repeat 0.1.3 everywhere, it should just be a variable!