(A few) Ops Lessons We All Learn The Hard Way Jan. 28, 2020, 8:47 a.m.

Nope, not another Falsehoods post, but not entirely unlike one. Only here we have a few lessons in operations that we all (eventually) (have to) learn; often the hard way. Why things are the way they are, or what the lessons mean is left to the reader to interpret, agree, or disagree with. It's more fun that way. Enjoy!

Bash $* and $@ Jan. 13, 2020, 2:18 p.m.

In Bash, there are two closely related “special parameters” for accessing how the current script was invoked: $* and $@. For both variables, the behavior is affected by whether or not the variable is enclosed in double quotes. The following table summarizes all cases:

Form    Meaning
$*    $1 $2 $3...
$@    $1 $2 $3...
"$*"  "$1 $2 $3..."
"$@"  "$1" "$2" "$3"...

Creating a Composite DSC Configuration with Parameters Jan. 6, 2020, 12:37 p.m.

When a Composite Configuration is created as an ordinary module, it seems like it behaves like an ordinary Cmdlet. This means, to pass parameters to the composite configuration I had to do:

Node localhost 
{ 
    BaseConfig Common -MyParameter "My Parameter Value" {} 
}

Bash-my-AWS Jan. 3, 2020, 7:36 p.m.

Bash-my-AWS is a simple but extremely powerful set of CLI commands for managing resources on Amazon Web Services.

Ablaut reduplication: Why 'tock tick' doesn't sound right? Dec. 28, 2019, 9:13 p.m.

As the word signifies, ‘reduplication’ in linguistics is when you repeat a word, sometimes with a modified vowel (e.g., ding dang dong) or sometimes with an altered consonant (e.g., nitty-gritty). As such, if there are two words, then the first word contains I, and the next word contains either A or O (e.g., ‘mish mash’, ‘hip hop’, ‘chit chat’ etc.).

However, if there are three words in question, then the first word contains I, the next contains A and the last word contains O (e.g., bish bash bosh). It doesn’t have anything definite about it, but it somehow just sounds right.

English order of Adjectives Dec. 28, 2019, 9:12 p.m.

Adjectives, writes the author, professional stickler Mark Forsyth, “absolutely have to be in this order: opinion-size-age-shape-colour-origin-material-purpose Noun. So you can have a lovely little old rectangular green French silver whittling knife. But if you mess with that order in the slightest you’ll sound like a maniac.”

Lingon Dec. 28, 2019, 9:10 p.m.

Lingon lets you run things automatically by modifying configuration files for the system function called launchd. This means that you can also edit or remove jobs created by other apps. And the system handles running the jobs in the background so you don’t need to have Lingon open after you have saved your job.

Supermicro IPMI Utilities Dec. 23, 2019, 8:16 p.m.

Supermicro IPMI / BMC tools.

Running GUI’s with Docker on Mac OS X Dec. 23, 2019, 8:15 p.m.

We are very familiar with running CLI processes in Docker containers with no Graphical UI at all. But did you know that you can just as well run applications with a graphical user interfaces, like Chrome, Firefox, Tor Browser, Gimp, etc… with Docker… on OS X!

Everything PKI Oct. 14, 2019, 5:10 p.m.

PKI is really powerful, and really interesting. The math is complicated, and the standards are stupidly baroque, but the core concepts are actually quite simple. Certificates are the best way to identify code and devices, and identity is super useful for security, monitoring, metrics, and a million other things. Using certificates is not that hard. No harder than learning a new language or database. It’s just slightly annoying and poorly documented. This is the missing manual.

Apple Hardware Test Download Links Oct. 9, 2019, 3 p.m.

Apple computers ship with a pre-installed suite of hardware diagnostic tools, known as Apple Hardware Test (AHT). In principle you can start them by holding the d key while booting. Newer models support holding option d to load AHT over the internet. If however, you reinstalled an older computer from scratch, the diagnostic tools might no longer be available. Unless you have the original disks that came with your computer, there seems to be no way to restore the AHT. Apple provides disk images with AHT for most computers, but does not make the links publicly available. Various blogs and forums have gathered a list of download links. The rest were obtained by scraping http://download.info.apple.com/Apple_Hardware_Test/ for all the links of the form 0(18|22)-\d{4}-A.dmg.

YubiKey Smart Card Deployment Guide Oct. 9, 2019, 9:01 a.m.

The YubiKey Minidriver is designed to function in a Windows Server and Client environment configured for smart card authentication. Ensuring your deployment is set up properly is a crucial element of the initial planning for the YubiKey Minidriver deployment.

Updating Nano Server – Nano Server Oct. 9, 2019, 8:57 a.m.

Option 5: Download and install the cumulative update to a running Nano Server: If you have a running Nano Server VM or physical host, you can use the Windows Update WMI provider to download and install the update while the operating system is online. With this method, you don't need to download the .msu file separately from the Microsoft Update Catalog. The WMI provider will detect, download, and install all available updates at once. After installing an update from Windows Update, you can find the log files at %ProgramData%\SoftwareDistribution\Logs\WindowsUpdate.

CLI: Improved Oct. 9, 2019, 8:54 a.m.

Over the years my command line habits have improved and I often search for smarter tools for the jobs I commonly do. With that said, here's my current list of improved CLI tools.

Elliptic Curve Cryptography Explained Oct. 9, 2019, 8:49 a.m.

Recently, I am learning how Elliptic Curve Cryptography works. I searched around the internet, found so many articles and videos explaining it. Most of them are covering only a portion of it, some of them skip many critical steps how you get from here to there. In the end, I didn’t find an article that really explains it from end-to-end in an intuitive way. With that in mind, I would like to write a post explaining Elliptic Curve Cryptography, cover from the basics to key exchange, encryption, and decryption.

Endless Face Zoom Oct. 8, 2019, 3:51 p.m.

Animated gif generator

TeePublic Sept. 30, 2019, 1:55 p.m.

Pop culture t-shirts, posters, gifts, and more.

Group Policy Preferences: Understanding “Run in Logged on User’s Security Context” Sept. 26, 2019, 4:29 p.m.

Every preference item applied is processed under the local SYSTEM account. This applies to preference items created under both the Computer and User Configuration nodes. When you select  “Run in Logged on User’s Security Context”, the security context is changed from SYSTEM to the current logged-in User. This is a huge distinction when you are creating preferences for Files, Shortcuts, or Drive Mappings.

How to use special permissions: the setuid, setgid and sticky bits Sept. 26, 2019, 10:22 a.m.

Ownership of files and directories is based on the uid (user-id) and gid (group-id) of the user who created them. The same thing happens when a process is launched: it runs with the effective uid and gid of the user who started it, and with the corresponding privileges.

The setuid bit modifies this behaviour so that an executable runs with the privileges of the executable file’s owner. This can be identified by an s in the executable bit for the file’s owner, eg:

ls -l /bin/passwd
-rwsr-xr-x. 1 root root 27768 Feb 11  2017 /bin/passwd

The setgid bit can be identified by an s in the executable bit of the file or directory’s group, eg:

drwxrwsr-x. 2 egdoc egdoc 4096 Nov  1 17:25 test

When set on an executable, the setgid bit causes it to run with the privileges of the executable’s group. When set on a directory, the setgid bit causes the group of files created inside the directory to be the group of the directory, not the user who created them.

When used on a directory, the sticky bit causes all files to be modifiable only by their owner, eg:

ls -ld /private/tmp
drwxrwxrwt  11 root  wheel  352 26 Sep 09:04 /private/tmp

Ansible module development: getting started Sept. 23, 2019, 12:18 p.m.

A module is a reusable, standalone script that Ansible runs on your behalf, either locally or remotely. Modules interact with your local machine, an API, or a remote system to perform specific tasks like changing a database password or spinning up a cloud instance. Each module can be used by the Ansible API, or by the ansible or ansible-playbook programs. A module provides a defined interface, accepting arguments and returning information to Ansible by printing a JSON string to stdout before exiting. Ansible ships with thousands of modules, and you can easily write your own. If you’re writing a module for local use, you can choose any programming language and follow your own rules. This tutorial illustrates how to get started developing an Ansible module in Python.