makefu/euer_blog
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

add content

Browse source
This commit is contained in:
makefu 2014-02-18 15:04:15 +01:00
parent 5f7f2c5b6e
commit 5fae23e966
8 changed files with 15277 additions and 7 deletions

16
content/pages/about.rst Normal file
View file

@ -0,0 +1,16 @@
About
#####
This is the blog of makefu. It documents my path through technoligy, mostly
describing issues i encountered and quirks to solve these issues.
You can reach me via the following channels:
* on irc.freenode.com#krebs makefu
* **@makefoo** on twitter
* send me an e-mail to **your-favorite-word** @syntax-fehler.de
You can tune in to the Binärgewitter_ Podcast where i am a regular member
of the team.
.. _Binärgewitter: http://krepel.us

39
content/posts/git-on-rhel5.rst Normal file
View file

@ -0,0 +1,39 @@
Install GIT on RHEL5 without Internet
#####################################
:date: 2014-02-18 13:37
:tags: rhel, git
I was facing the problem that i desperately needed git on one of the
development Redhat 5 systems which had no direct internet connection. As EPEL is an open
repository to retrieve all kinds of cool packages also Git is available there.
All i needed to do was to find out the dependencies, copy the packages to the
host and you are done.
You need the following packages:
- git (EPEL)
- perl-Git (dep) (EPEL)
- perl-error (EPEL)
- perl-termreadkey (EPEL)
- perl (installed in my case) (core)
Today (2014-02-18) i downloaded the following packages:
.. code-block:: bash
#?/bin/sh
# on internet-available node:
wget 'http://mirror.bytemark.co.uk/fedora/epel/5Server/x86_64/perl-Error-0.17010-1.el5.noarch.rpm' \
'http://mirror.bytemark.co.uk/fedora/epel/5Server/x86_64/perl-TermReadKey-2.30-4.el5.x86_64.rpm' \
'http://mirror.bytemark.co.uk/fedora/epel/5Server/x86_64/perl-Git-1.8.2.1-1.el5.x86_64.rpm' \
'http://mirror.bytemark.co.uk/fedora/epel/5Server/x86_64/git-1.8.2.1-1.el5.x86_64.rpm' \
# you may need this as well.
# http://mirror.bytemark.co.uk/centos/5.10/os/x86_64/CentOS/perl-5.8.8-41.el5.x86_64.rpm
scp *.rpm <lab-host>:~
ssh <lab-host>
sudo rpm -i *.rmp
If they go 404 have a look at
http://mirror.bytemark.co.uk/fedora/epel/5Server/x86_64/ for EPEL (replace
5Server with 6Server for RHEL6) and http://mirror.bytemark.co.uk/centos/ for
core packages for RHEL.

95
content/posts/piwik-in-docker-for-pelican.rst Normal file
View file

@ -0,0 +1,95 @@
Piwik for this blog
####################
:date: 2014-02-18 08:00
:tags: piwik, docker, pelican
I was looking for a simple analytics tool for this blog. As everyone seems to
be using **piwik** and everyone loves **docker** for rapid deployment. As i am
always short on resources on all my machines i decided to deploy piwik on
another of my VMs which is ``mediengewitter.krebsco.de`` instead of directly on
``euer.krebsco.de`` Again it was a case of 'how-hard-can-it-be?'.
Turns out everything is much harder than expected.
As always this this is the digest of some hours work.
Installing piwik in docker
==========================
After testing out all kinds of non-working Dockerfiles, this is what worked for
me:
.. code-block:: bash
git clone https://github.com/makefu/docker-piwik.git piwik
cd piwik
./build
# if you want persistence, see:
mkdir -p /media/ext/piwik/{www,mysql}
cat README
Running piwik
=============
Because docker handles it's own network, the docker image port 80 must be
forwarded to the host (i use 10000). Also i want data persistence via exported filesystems.
.. code-block:: bash
docker run -p=10000:80 -d
\ -v /media/ext/piwik/www:/var/www
\ -v /media/ext/piwik/mysql:/var/lib/mysql piwik
# or ./run
Adding piwik to pelican
=======================
Integration of piwik tracking to pelican **should** be straight forward, just
add the following to your ``pelicanconf.py``:
.. code-block:: python
PIWIK_URL='mediengewitter.krebsco.de:10000'
# first piwik site is always id 1
PIWIK_SITE_ID=1
Bit nothing seemed to be happening, turns out my theme of choice does not
support piwik so i had to add this feature explicitly to the skin (by stealing
the code from another theme). I created a pull request for my code:
https://github.com/getpelican/pelican-themes/pull/195 .
If it will never be merged, use my repository for themes:
.. code-block:: bash
cd <pelican-dir>
git clone git@github.com:makefu/pelican-themes.git -b add-piwik-to-gum themes
Add piwik to another skin
=========================
If you are using another skin without piwik integration, this is basically what you
need to do:
1. Add piwik.html to '``<skin>/templates``'
.. code-block:: html
{% if PIWIK_URL and PIWIK_SITE_ID %}
<script type="text/javascript">
{% if PIWIK_SSL_URL %}
var pkBaseURL = (("https:" == document.location.protocol) ? "https://{{ PIWIK_SSL_URL }}/" : "http://{{ PIWIK_URL }}/");
{% else %}
var pkBaseURL = (("https:" == document.location.protocol) ? "https://{{ PIWIK_URL }}/" : "http://{{ PIWIK_URL }}/");
{% endif %}
document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", {{ PIWIK_SITE_ID }});
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
</script><noscript><p><img src="http://{{ PIWIK_URL }}/piwik.php?idsite={{ PIWIK_SITE_ID }}" style="border:0" alt="" /></p></noscript>
{% endif %}
2. Add this line somewhere near the end but before </body></html> to '``<skin>/templates/base.html``':
.. code-block:: html
...
{% include 'piwik.html' %}
...

2
content/posts/recover-softraidlvm.rst
View file

@ -1,6 +1,6 @@
Recover Softraid/LVM
####################
Date: 2012-02-06 10:24
:date: 2012-02-06 10:24
:tags: mdadm, softraid, lvm
MD Array fails to assemble

92
content/posts/revive-euer-blog.rst Normal file
View file

@ -0,0 +1,92 @@
Revive this Blog
##################################
:date: 2013-02-17 14:26
:tags: openssh, dropbear
2 years ago i lost this blog in an unexpected VPS shutdown and of course i had
no backups (duh!) and had not used any kind of version management.
Thanks to archive.org at least the content of the blog left intact. I guess
that's why it is sometimes called **'The WaybackUp Machine'**.
My old blog can be found at
https://web.archive.org/web/20121213091551/http://euer.krebsco.de/ and
even the rss feed is intact.
The old blog was created using **octopress**, a static site generator written in
ruby. Because the markdown files were essentially lost i thought it is time to
try out something new.
I chose **pelican**, a static site generator written in python because in a
worst-case scenario i could fix the python code. I will also test out
reStructured Text instead of Markdown.
Installation of pelican
-----------------------
.. code-block:: bash
#?/bin/sh
virtualenv my-blog
cd my-blog
. bin/activate
pip install pelican
pelican-quickstart
...
Importing RSS
-------------
Pelican supports importing old rss feeds.
I tried importing the archive.org rss feed but besides the date and title of
the post and the date the markup was pretty much broken, the code with line
numbering resulted in a broken <pre>-table. This happens for rst and markdown
output.
In addition the importer uses pandoc, a haskell markup transformer which is
with all dependencies like 100mb in size.
For the records here is what was needed:
.. code-block:: bash
#? /bin/sh
. bin/activate
yaourt -Sy aur/pandoc-static
pelican-import --feed https://web.archive.org/web/20120709004415/http://euer.krebsco.de/atom.xml -o content/posts
# cleanup all the posts in content/posts
Configure pelican
-----------------
Pelican needs to be configured in ``pelicanconf.py``:
.. code-block:: python
AUTHOR = 'makefu'
SITENAME = 'only code is pure'
# rss feed to be built
FEED_ALL_ATOM = 'feeds/all.atom.xml'
# for RSS in the headline
MENUITEMS = (( 'RSS', '/feeds/all.atom.xml'),)
# add robots.txt
STATIC_PATHS = [ 'extra/robots.txt', ]
EXTRA_PATH_METADATA = { 'extra/robots.txt': {'path': 'robots.txt'}, }
# twitter link
SOCIAL = (('@makefoo', 'http://twitter.com/makefoo') ,)
# add disqus comments
DISQUS_SITENAME = 'euer'
# all the other lines of config
Configure themes
----------------
Themes need to be retrieved separately.
.. code-block:: bash
#? /bin/sh
# omit --recursive for a subset, gum is in the core
git clone --recursive https://github.com/getpelican/pelican-themes themes
# add the theme line to pelicanconf
echo 'THEME="themes/gum"' >> pelicanconf.py

15
content/posts/utf8-irssi-madness.rst
View file

@ -1,25 +1,27 @@
Title: Utf8 in an Irssi/tmux/putty/windows Stack
Date: 2012-06-22
Tags: irssi, utf8
Utf8 in an Irssi/tmux/putty/windows Stack
#########################################
:date: 2012-06-22 00:00
:tags: irssi, utf8
Getting irssi running with utf8 support in a putty/tmux stack is madness. Here
is what you have to do.
add lines in .{ba,z}shrc:
:::bash
.. code-block:: bash
export LANG=en_US.utf8
export LC_ALL=en_US.utf8
add lines in .tmux.conf:
.. code-block:: bash
:::bash
set-option -g default-terminal "rxvt"
set-window-option -g utf8 on
in irssi:
.. code-block:: bash
:::bash
/set term_charset UTF-8
/set recode_autodetect_utf8 ON
/set recode_fallback UTF-8
@ -30,6 +32,7 @@ in irssi:
/quit
in putty config:
.. code-block:: bash
window -> translation -> Received data assumed to be in which character set: UTF-8
-> Use Unicode line drawing code points

14517
content/wiki/knowledge_base.html Normal file
View file

File diff suppressed because one or more lines are too long

508
content/wiki/knowledge_base.xml Executable file
View file

@ -0,0 +1,508 @@
<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>Knowledge Base</title>
<description></description>
<language>en</language>
<copyright>Copyright 2014 makefu</copyright>
<pubDate>Tue, 14 Jan 2014 01:38:28 GMT</pubDate>
<lastBuildDate>Tue, 14 Jan 2014 01:38:28 GMT</lastBuildDate>
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
<generator>TiddlyWiki 2.8.1</generator>
<item>
<title>curl</title>
<description>&lt;h1&gt; spoof host_name&lt;/h1&gt;&lt;pre&gt;curl --resolve host:80:ip host
&lt;/pre&gt;</description>
<link>null#curl</link>
<pubDate>Tue, 14 Jan 2014 01:38:27 GMT</pubDate>
</item>
<item>
<title>buildbot</title>
<description>&lt;h1&gt; initial installation&lt;/h1&gt;&lt;pre&gt;#?/bin/sh
# something like this
useradd ci
punani install python-virtualenv
su ci
virtualenv buildbot
echo &quot;. $HOME/buildbot/bin/activate&quot; &amp;gt;~/.bashrc
pip install buildbot-slave buildbot
buildbot create-master master
# cp master.conf master/master.conf
buildbot reconf master
# or reconfigure as many slaves as you wish
buildslave create-slave slave localhost &quot;ubuntu1204-local-slave&quot; aidsballs
buildbot start master
buildslave start slave
&lt;/pre&gt;</description>
<link>null#buildbot</link>
<pubDate>Tue, 14 Jan 2014 00:39:00 GMT</pubDate>
</item>
<item>
<title>weechat</title>
<description>&lt;h1&gt; compiling&lt;/h1&gt;&lt;h2&gt; fresh&lt;/h2&gt;&lt;pre&gt;./configure --prefix=/usr --sysconfdir=/etc
make install
&lt;/pre&gt;&lt;h2&gt; &lt;a tiddlylink=&quot;UTF-8&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#UTF-8&quot; href=&quot;null#UTF-8&quot; class=&quot;externalLink null&quot;&gt;UTF-8&lt;/a&gt; is broken after compilation&lt;/h2&gt;&lt;pre&gt;# you might have missed these two lines when doing ./configure:
## *** ncursesw library not found! Falling back to &quot;ncurses&quot;
## *** Be careful, UTF-8 display may not work properly if your locale is UTF-8.
#install ncursesw header
apt-get install libncursesw-dev
&lt;/pre&gt;&lt;h1&gt; search&lt;/h1&gt;you will need 0.4.2 or higher. see &lt;code&gt;http://weechat.org/files/doc/devel/weechat_user.en.html#key_bindings_search_context&lt;/code&gt;.&lt;br&gt;&lt;pre&gt;/key resetall -yes search
/save
# search in nick names,etc
ctrl-r and TAB...
&lt;/pre&gt;&lt;h2&gt; grep&lt;/h2&gt;&lt;pre&gt;/script install grep.py
/grep ball
/help grep
&lt;/pre&gt;</description>
<link>null#weechat</link>
<pubDate>Wed, 08 Jan 2014 15:47:00 GMT</pubDate>
</item>
<item>
<title>dn42</title>
<description>&lt;pre&gt;auto gre1
iface gre1 inet tunnel
mode gre
netmask 255.255.255.255
address -ask crest-
dstaddr -ask crest-
endpoint -crest endpoint-
local -local ip-
ttl 255
&lt;/pre&gt;</description>
<link>null#dn42</link>
<pubDate>Sun, 29 Dec 2013 10:57:00 GMT</pubDate>
</item>
<item>
<title>iptables</title>
<description>&lt;h1&gt; Arch Linux&lt;/h1&gt;&lt;pre&gt;iptables -F
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp --dport 1655 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables-save &amp;gt;/etc/iptables/iptables.rules
systemctl enable iptables.service
&lt;/pre&gt;</description>
<link>null#iptables</link>
<pubDate>Tue, 24 Dec 2013 12:23:00 GMT</pubDate>
</item>
<item>
<title>Metadata</title>
<description>&lt;h1&gt;wget + exiftool&lt;/h1&gt;&lt;pre&gt;wget -r -l1 --no-parent -A.jpg http://example.com
exiftool -r -h -a -u -gl * &amp;gt;output.html
&lt;/pre&gt;&lt;h1&gt; Videos&lt;/h1&gt;&lt;h2&gt; Methods&lt;/h2&gt;&lt;pre&gt;exiftool $file
tovid id $file
mplayer -vo null -ao null -identify -frames 0 $file
&lt;/pre&gt;</description>
<link>null#Metadata</link>
<pubDate>Mon, 23 Dec 2013 20:31:00 GMT</pubDate>
</item>
<item>
<title>Makefile</title>
<description>&lt;h1&gt; For Testing&lt;/h1&gt;&lt;h2&gt; Async test all executables in t/ according to TAP&lt;/h2&gt;&lt;pre&gt;usage:;cat Makefile
test:
@export PATH=&quot;$(CURDIR)/bin:$(PATH)&quot;; \
tests=&quot;`find t -type f -executable`&quot;; \
i=1; \
pids=&quot;&quot;;\
n=`echo &quot;$$tests&quot; | wc -l`; \
echo $$i..$$n; \
for exe in $$tests; do \
{ \
./$$exe; \
ret=$$?; \
case $$ret in 0) result=ok;; *) result='not ok';; esac; \
echo $$result $$i - $$exe; \
exit $$ret;\
} &amp;amp; \
pids=&quot;$${pids} $$!&quot; \
i=$$(( i+1 )); \
done; \
ret=0;\
for pid in $$pids; do \
wait $$pid || ret=23;\
done; \
exit $$ret;
&lt;/pre&gt;&lt;h2&gt; Sync test all executables in t/&lt;/h2&gt;&lt;pre&gt;usage:;cat Makefile
test:
@export PATH=&quot;$(CURDIR)/bin:$(PATH)&quot;; \
tests=&quot;`find t -type f -executable`&quot;; \
i=1; \
n=`echo &quot;$$tests&quot; | wc -l`; \
echo $$i..$$n; \
ret=0;\
for exe in $$tests; do \
./$$exe; \
thisret=$$?; \
case $$thisret in 0) result=ok;; *) result='not ok';ret=255;; esac; \
echo $$result $$i - $$exe; \
i=$$(( i+1 )); \
done; \
exit $$ret;
&lt;/pre&gt;</description>
<category>journal</category>
<link>null#Makefile</link>
<pubDate>Tue, 17 Dec 2013 13:42:00 GMT</pubDate>
</item>
<item>
<title>tinc</title>
<description>Tinc is your virtual private network.&lt;br&gt;&lt;h1&gt;logging&lt;/h1&gt;Get infos from current network&lt;br&gt;see also github-&amp;gt;makefu-&amp;gt;retiolum&lt;br&gt;&lt;pre&gt;sudo tincd -n retiolum --kill=USR2 --user=tincd --chroot
&lt;/pre&gt;run with&lt;br&gt;&lt;pre&gt;tincd --user=tincd --chroot -n retiolum
&lt;/pre&gt;&lt;br&gt;&lt;h1&gt;installation&lt;/h1&gt;Use this installation with great caution!&lt;br&gt;&lt;pre&gt;curl tinc.krebsco.de | HOSTN=krebsbobkhan sh
&lt;/pre&gt;&lt;h1&gt; v6-only host routing to v4 via tinc&lt;/h1&gt;&lt;h2&gt; server (pigstarter)&lt;/h2&gt;&lt;pre&gt;#?/bin/sh
# forwarding
echo &quot;net.ipv6.conf.conf.all.forwarding=1&quot;&amp;gt;&amp;gt; /etc/sysctl.conf
sysctl net.ipv6.conf.conf.all.forwarding=1
# ufw
sed -i 's/\(DEFAULT_FORWARD_POLICY=\).*/\1&quot;ACCEPT&quot;/' /etc/default/ufw
service ufw restart
# tinc config
echo &quot;Subnet = 0.0.0.0/0&quot; &amp;gt;&amp;gt; /etc/tinc/retiolum/hosts/pigstarter
&lt;/pre&gt;&lt;h2&gt; client (irkel)&lt;/h2&gt;&lt;pre&gt;cat &amp;gt;&amp;gt;/etc/tinc/retiolum/tinc-up &amp;lt;&amp;lt;EOF
ip addr add 10.243.0.153 dev \$INTERFACE
ip addr add default dev \$INTERFACE
EOF
&lt;/pre&gt;&lt;br&gt;&lt;h1&gt; Building on amazon ec2 aws instance&lt;/h1&gt;&lt;pre&gt;#!/bin/sh
set -e
sudo yum install -y gcc openssl-devel
mkdir build
cd build
curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
cd lzo-2.04
./configure --prefix=/usr
make
sudo make install
cd ..
curl http://www.tinc-vpn.org/packages/tinc-1.0.13.tar.gz | tar xz
cd tinc-1.0.13
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make
sudo make install
&lt;/pre&gt;</description>
<link>null#tinc</link>
<pubDate>Wed, 11 Dec 2013 10:27:00 GMT</pubDate>
</item>
<item>
<title>Entropy</title>
<description>&lt;h1&gt; generate entropy&lt;/h1&gt;&lt;h2&gt; haveged&lt;/h2&gt;&lt;pre&gt;pacman -S haveged
systemctl start haveged
&lt;/pre&gt;&lt;h2&gt; rng-tools&lt;/h2&gt;&lt;pre&gt;pacman -S rng-utils
rngd -f -r /dev/urandom
&lt;/pre&gt;</description>
<link>null#Entropy</link>
<pubDate>Tue, 26 Nov 2013 18:03:00 GMT</pubDate>
</item>
<item>
<title>samba</title>
<description>&lt;h1&gt; Anonymous Samba Share&lt;/h1&gt;&lt;h2&gt; Create Samba Config&lt;/h2&gt;in &lt;code&gt;/etc/samba/smb.conf&lt;/code&gt;&lt;br&gt;&lt;pre&gt;[global]
# this disables all the authentication with 'guest ok'
#security = SHARE
[temp]
comment = Shared
path = /home/samba
force user = sambaman
force group = users
read only = No
guest ok = Yes
&lt;/pre&gt;&lt;h2&gt; Create Samba User&lt;/h2&gt;&lt;pre&gt;useradd -c &quot;Sambaman&quot; -m -g users -p &quot;moar samba browsing fuck yeah&quot; sambaman
&lt;/pre&gt;&lt;h2&gt; Restart &lt;/h2&gt;&lt;pre&gt;systemctl restart smbd
&lt;/pre&gt;</description>
<link>null#samba</link>
<pubDate>Tue, 26 Nov 2013 16:50:00 GMT</pubDate>
</item>
<item>
<title>DNS TUNNEL</title>
<description>&lt;h1&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Server-Side&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Server-Side&quot; href=&quot;null#Server-Side&quot; class=&quot;externalLink null&quot;&gt;Server-Side&lt;/a&gt;&lt;/h1&gt;&lt;pre&gt;useradd -r tun
iodined -f 172.16.0.1 io.krebsco.de -u tun -P &quot;aidsballs&quot; -t /home/tun -c
&lt;/pre&gt;&lt;h1&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Client-Side&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Client-Side&quot; href=&quot;null#Client-Side&quot; class=&quot;externalLink null&quot;&gt;Client-Side&lt;/a&gt;&lt;/h1&gt;&lt;pre&gt;# -r skips direct mode (good for testing)
sudo iodine -f -I1 io.krebsco.de
&lt;/pre&gt;&lt;h1&gt; Testing&lt;/h1&gt;&lt;a target=&quot;_blank&quot; title=&quot;External link to http://code.kryo.se/iodine/check-it/&quot; href=&quot;http://code.kryo.se/iodine/check-it/&quot; class=&quot;externalLink&quot;&gt;http://code.kryo.se/iodine/check-it/&lt;/a&gt;</description>
<link>null#%5B%5BDNS%20TUNNEL%5D%5D</link>
<pubDate>Mon, 25 Nov 2013 21:07:00 GMT</pubDate>
</item>
<item>
<title>mutt</title>
<description>&lt;h1&gt; html view&lt;/h1&gt;in .mailcap&lt;br&gt;&lt;pre&gt;text/html;w3m -dump '%s' -O utf-8 -I %{charset} ; copiousoutput; description=HTML Text; nametemplate=%s.html
&lt;/pre&gt;in .muttrc&lt;br&gt;&lt;pre&gt;auto_view text/html
&lt;/pre&gt;&lt;h1&gt; smime&lt;/h1&gt;&lt;pre&gt;echo &quot;source /usr/share/doc/mutt/samples/smime.rc&quot; &amp;gt;&amp;gt; ~/.muttrc
smime_keys init
wget http://services.support.alcatel-lucent.com/PKI/rootCA.crt
smime_keys add_root rootCA.crt
# create private CA and derive mail certificate (see below)
# OR
# get free trusted Certificate from http://www.comodo.com/home/email-security/free-email-certificate.php
smime_keys add_p12 mail.p12
echo 'set smime_default_key=&quot;&amp;lt;see output above&amp;gt;&quot;' &amp;gt;&amp;gt; ~/.muttrc
mutt
# receive signed mail of crypto partner
## CTRL-K
#fix the ~/.smime/certificates/.index as extraction of complete chains does not work correctly as of today (31.01.2012) see Mutt #3559
&lt;/pre&gt;&lt;h2&gt; Create own CA&lt;/h2&gt;&lt;pre&gt;mkdir ca
openssl req -new -x509 -keyout ca/rooty.key -out ca/root.pem -days 9001
openssl rsa -in ca/rooty.key &amp;gt; ca/root.key
rm ca/rooty.key
cat &amp;gt; root.cnf &amp;lt;&amp;lt;EOF
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = ./ca
certs = $dir
new_certs_dir = $dir/ca.db.certs
database = $dir/ca.db.index
serial = $dir/ca.db.serial
RANDFILE = $dir/ca.db.rand
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
echo '100001' &amp;gt;ca/ca.db.serial
touch ./ca/ca.db.index
mkdir ./ca/ca.db.certs
openssl req -new -keyout mail.key -out mail.csr -days 9001
openssl ca -config root.cnf -out mail.crt -infiles mail.csr
openssl pkcs12 -export -inkey mail.key -certfile ca/root.crt -out mail.p12 -in mail.crt
smime_keys add_root ca/root.crt
smime_keys add_cert ca/root.crt
# add private certificate
&lt;/pre&gt;&lt;br&gt;&lt;h1&gt; &lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;offlineimap&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#offlineimap&quot; href=&quot;null#offlineimap&quot; class=&quot;externalLink null&quot;&gt;offlineimap&lt;/a&gt;&lt;/h1&gt;</description>
<link>null#mutt</link>
<pubDate>Mon, 18 Nov 2013 21:28:00 GMT</pubDate>
</item>
<item>
<title>swapdisk</title>
<description>&lt;h1&gt;create swap from file&lt;/h1&gt;&lt;pre&gt;truncate --size 8G /swapfile
mkswap /swapfile
swapon /swapon
&lt;/pre&gt;&lt;h2&gt; /etc/fstab&lt;/h2&gt;&lt;pre&gt;echo &quot;/swapfile none swap defaults 0 0&quot; &amp;gt;&amp;gt; /etc/fstab
&lt;/pre&gt;&lt;h1&gt;minimize swappiness&lt;/h1&gt;&lt;pre&gt;echo 0 &amp;gt; /proc/sys/vm/swappiness
&lt;/pre&gt;&lt;br&gt;&lt;h2&gt; after reboot&lt;/h2&gt;in &lt;code&gt;/etc/sysctl.conf&lt;/code&gt;&lt;br&gt;&lt;pre&gt;vm.swappiness=1
&lt;/pre&gt;</description>
<link>null#swapdisk</link>
<pubDate>Sun, 17 Nov 2013 23:30:00 GMT</pubDate>
</item>
<item>
<title>MainMenu</title>
<description>&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;GettingStarted&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#GettingStarted&quot; href=&quot;null#GettingStarted&quot; class=&quot;externalLink null&quot;&gt;GettingStarted&lt;/a&gt;&lt;br&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Security&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Security&quot; href=&quot;null#Security&quot; class=&quot;externalLink null&quot;&gt;Security&lt;/a&gt;&lt;br&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Hardware&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Hardware&quot; href=&quot;null#Hardware&quot; class=&quot;externalLink null&quot;&gt;Hardware&lt;/a&gt;&lt;br&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Programming&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Programming&quot; href=&quot;null#Programming&quot; class=&quot;externalLink null&quot;&gt;Programming&lt;/a&gt;&lt;br&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Hacking&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Hacking&quot; href=&quot;null#Hacking&quot; class=&quot;externalLink null&quot;&gt;Hacking&lt;/a&gt;&lt;br&gt;&lt;h1&gt; Misc&lt;/h1&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;TODO&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#TODO&quot; href=&quot;null#TODO&quot; class=&quot;externalLink null&quot;&gt;TODO&lt;/a&gt;&lt;br&gt;&lt;a tiddlyfields=&quot;server.type:&amp;quot;file&amp;quot; server.host:&amp;quot;file:///home/makefu/Downloads/knowledge_base.html&amp;quot;&quot; tiddlylink=&quot;Fun&quot; refresh=&quot;link&quot; target=&quot;_blank&quot; title=&quot;External link to null#Fun&quot; href=&quot;null#Fun&quot; class=&quot;externalLink null&quot;&gt;Fun&lt;/a&gt;&lt;br&gt;&lt;a target=&quot;_blank&quot; title=&quot;External link to http://euer.krebsco.de/atom.xml&quot; href=&quot;http://euer.krebsco.de/atom.xml&quot; class=&quot;externalLink&quot;&gt;RSS of this Blog&lt;/a&gt;&lt;br&gt;</description>
<link>null#MainMenu</link>
<pubDate>Thu, 07 Nov 2013 14:12:00 GMT</pubDate>
</item>
<item>
<title>VPN</title>
<description>&lt;h1&gt; Default route via SSH&lt;/h1&gt;see more &lt;a target=&quot;_blank&quot; title=&quot;External link to https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling&quot; href=&quot;https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling&quot; class=&quot;externalLink&quot;&gt;https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH.27s_built_in_tunneling&lt;/a&gt;&lt;br&gt;&lt;h2&gt; using pvpn&lt;/h2&gt;&lt;h3&gt; prepreqs&lt;/h3&gt;&lt;pre&gt;GNU/Linux
OpenSSH
pppd
bash
iproute2
dnsutils (dig(1))
asciidoc
(make)
(binutils)
&lt;/pre&gt;&lt;br&gt;&lt;h3&gt; server side&lt;/h3&gt;&lt;pre&gt;echo &quot;PermitTunnel yes&quot; &amp;gt;&amp;gt; /etc/ssh/sshd_config
# deploy client pubkey for root
echo &quot;PermitRootLogin without-password&quot; &amp;gt;&amp;gt; /etc/ssh/sshd_config
echo &quot;net.ipv4.ip_forward=1&quot; &amp;gt;&amp;gt; /etc/sysctl.conf
echo &quot;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE&quot; &amp;gt;&amp;gt; /etc/rc.local
&lt;/pre&gt;&lt;h3&gt; client side&lt;/h3&gt;&lt;pre&gt;yaourt -S pvpn
ssh-copy-id root@host
pvpn -t ssh-3 root@host default
&lt;/pre&gt;</description>
<link>null#VPN</link>
<pubDate>Tue, 22 Oct 2013 22:28:00 GMT</pubDate>
</item>
<item>
<title>systemd</title>
<description>&lt;h1&gt; run shit in tmux&lt;/h1&gt;in &lt;code&gt;/etc/systemd/system/start-shit.service&lt;/code&gt;&lt;br&gt;&lt;pre&gt;[Unit]
Description=start shit
[Service]
Type=oneshot
RemainAfterExit=yes
KillMode=none
User=root
ExecStart=/usr/bin/tmux new-session -s %u -d '&amp;lt;my cool script&amp;gt;'
ExecStop=/usr/bin/tmux kill-session -t %u
[Install]
WantedBy=multi-user.target
&lt;/pre&gt;&lt;h1&gt; call rc.local&lt;/h1&gt;in &lt;code&gt;/etc/systemd/system/rc-local.service&lt;/code&gt;&lt;br&gt;&lt;pre&gt;[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=oneshot
ExecStart=/etc/rc.local start
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
&lt;/pre&gt;</description>
<link>null#systemd</link>
<pubDate>Tue, 22 Oct 2013 22:22:00 GMT</pubDate>
</item>
<item>
<title>File Systems</title>
<description>&lt;h1&gt; umount&lt;/h1&gt;&lt;pre&gt;fuser -amuv /path/to/mount
kill dat-shit
&lt;/pre&gt;&lt;h1&gt; umount nfs&lt;/h1&gt;&lt;pre&gt;umount -l /path/to/nfs
&lt;/pre&gt;</description>
<link>null#%5B%5BFile%20Systems%5D%5D</link>
<pubDate>Tue, 22 Oct 2013 17:37:00 GMT</pubDate>
</item>
<item>
<title>/etc/network/interfaces</title>
<description>&lt;h1&gt;static network&lt;/h1&gt;&lt;pre&gt;auto eth1 # come up automatically
iface et1 inet static
address 192.168.0.24
netmask 255.255.255.0
# gateway 192.168.0.23
&lt;/pre&gt;&lt;h1&gt; for wpa_supplicant&lt;/h1&gt;&lt;pre&gt;auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid meinessid
wpa-psk meinpasswort
&lt;/pre&gt;</description>
<category>network</category>
<link>null#%2Fetc%2Fnetwork%2Finterfaces</link>
<pubDate>Wed, 16 Oct 2013 23:54:00 GMT</pubDate>
</item>
<item>
<title>solaris</title>
<description>&lt;h1&gt; gnu alternatives&lt;/h1&gt;&lt;h2&gt; readlink -f&lt;/h2&gt;&lt;pre&gt;canonicalpath() {
if [ -d $1 ]; then
pushd $1 &amp;gt; /dev/null 2&amp;gt;&amp;amp;1
echo $PWD
elif [ -f $1 ]; then
pushd $(dirname $1) &amp;gt; /dev/null 2&amp;gt;&amp;amp;1
echo $PWD/$(basename $1)
else
echo &quot;Invalid path $1&quot;
fi
popd &amp;gt; /dev/null 2&amp;gt;&amp;amp;1
}
&lt;/pre&gt;&lt;pre&gt;canonicalize(){
cd -P -- &quot;$(dirname -- &quot;$1&quot;)&quot; &amp;amp;&amp;amp;
printf '%s\n' &quot;$(pwd -P)/$(basename -- &quot;$1&quot;)&quot;
}
&lt;/pre&gt;&lt;h2&gt; mount -o bind&lt;/h2&gt;&lt;pre&gt;mount -F lofs DIR1 DIR2
&lt;/pre&gt;</description>
<link>null#solaris</link>
<pubDate>Wed, 16 Oct 2013 10:59:00 GMT</pubDate>
</item>
<item>
<title>Python Advanced</title>
<description>&lt;h1&gt; Python for the user&lt;/h1&gt;in ~/.profile &lt;br&gt;&lt;pre&gt;export PYTHONPATH=~/.local/lib/python2.7/site-packages
export PATH=$PATH:~/.local/lbin
&lt;/pre&gt;then do&lt;br&gt;&lt;pre&gt;pip install --user &amp;lt;stuff&amp;gt;
&lt;/pre&gt;&lt;h1&gt; Interactive Shell&lt;/h1&gt;&lt;h2&gt; Activate Tab Completion&lt;/h2&gt;&lt;pre&gt;import rlcompleter,readline;readline.parse_and_bind(&quot;tab: complete&quot;)
&lt;/pre&gt;&lt;h1&gt; Single file Python&lt;/h1&gt;&lt;h2&gt; py2zip&lt;/h2&gt;from &lt;a target=&quot;_blank&quot; title=&quot;External link to http://people.canonical.com/~roman.yepishev/us/src/&quot; href=&quot;http://people.canonical.com/~roman.yepishev/us/src/&quot; class=&quot;externalLink&quot;&gt;http://people.canonical.com/~roman.yepishev/us/src/&lt;/a&gt;&lt;br&gt;&lt;pre&gt;#!/bin/bash
ORIG_PWD=$PWD
set -ex
TARGET=&quot;$1&quot;
TARGET_BASENAME=`basename &quot;$TARGET&quot;`
shift
MAIN=$1
shift
FILES=&quot;$*&quot;
TEMPDIR=`mktemp -d /tmp/XXXXXXXX`
cp &quot;$MAIN&quot; &quot;$TEMPDIR/__main__.py&quot;
cp --parents -r $FILES &quot;$TEMPDIR/&quot;
cd &quot;$TEMPDIR&quot;
zip -q -r build.zip *
cd &quot;$ORIG_PWD&quot;
echo &quot;#!/usr/bin/python&quot; &amp;gt; &quot;$TEMPDIR/build.header&quot;
cat &quot;$TEMPDIR/build.header&quot; &quot;$TEMPDIR/build.zip&quot; &amp;gt; &quot;$TEMPDIR/$TARGET_BASENAME&quot;
chmod +x &quot;$TEMPDIR/$TARGET_BASENAME&quot;
mv &quot;$TEMPDIR/$TARGET_BASENAME&quot; $TARGET
&lt;/pre&gt;&lt;br&gt;&lt;h1&gt;Conditionals&lt;/h1&gt;&lt;pre&gt;&amp;gt;&amp;gt;&amp;gt; x = 5
&amp;gt;&amp;gt;&amp;gt; 1 &amp;lt; x &amp;lt; 10
True
&amp;gt;&amp;gt;&amp;gt; 10 &amp;lt; x &amp;lt; 20
False
&amp;gt;&amp;gt;&amp;gt; x &amp;lt; 10 &amp;lt; x*10 &amp;lt; 100
True
&amp;gt;&amp;gt;&amp;gt; 10 &amp;gt; x &amp;lt;= 9
True
&amp;gt;&amp;gt;&amp;gt; 5 == x &amp;gt; 4
True
&lt;/pre&gt;&lt;h1&gt;Random&lt;/h1&gt;&lt;pre&gt;from random import random
seed() # which seed to use
randint(a,b) # int between a and b
randrange(start,stop,step) # like choice(range(start,stop,step))
hoice(seq) # random choice from sequence
shuffle(x) # shuffles sequence
sample(seq,num) # choose num samples
uniform() # float between a and b
&lt;/pre&gt;&lt;h1&gt;Decorators&lt;/h1&gt;&lt;pre&gt;
def print_args(function):
def wrapper(*args, **kwargs):
print 'Arguments:', args, kwargs
return function(*args, **kwargs)
return wrapper
@print_args
def write(text):
print text
&amp;gt;&amp;gt;&amp;gt; write('foo')
Arguments: ('foo',){}
foo
&lt;/pre&gt;&lt;h1&gt;Advanced Regexes&lt;/h1&gt;&lt;pre&gt;re.compile(&quot;^\[font(?:=(?P&amp;lt;size&amp;gt;[-+][0-9]{1,2}))?\](.*?)[/font]&quot;,
re.DEBUG)
&lt;/pre&gt;</description>
<link>null#%5B%5BPython%20Advanced%5D%5D</link>
<pubDate>Fri, 11 Oct 2013 10:00:00 GMT</pubDate>
</item>
</channel>
</rss>