Using Ansible to restart a bunch of services running under systemd in --user mode.

Dec 02 2019

Let's say that you have a bunch of servers that you admin en masse using Ansible.  You have all of them listed and organized in your /etc/ansible/hosts file.  Let's say that each server is running a system service (like my Systembot) running under systemd in --user mode.  (Yes, I'm going to use my exocortex-halo/ repository for this, because I just worked out a good way to keep everything up to date and want to share the technique for everyone new to Ansible.  Pay it forward, you know?)  You want to use Ansible to update your copy of Systembot across everything so you don't have to SSH into every box and git pull the repo to get the updates.  A possible Ansible playbook to install the updates might look something like this:


Challenge accepted: Archiving a Mastodon account with Huginn

Nov 17 2019

Last weekend I was running short of stuff to hack around on and lamented this fact on the Fediverse.  I was summarily challenged to find a way to archive posts to the Fediverse in an open, easy to understand data format that was easy to index, and did not use any third party services (like IFTTT or Zapier).  I thought about it a bit and came up with a reasonably simple solution that uses three Huginn agents to collect, process, and write out posts as individual JSON documents to the same box I run that part of my exocortex on.  This is going to go deep geek below the cut so if it's not your cup of tea, feel free to move on to an earlier post.


Neologism: Entropic debugging

Nov 11 2019

entropic debugging - noun phrase - The phenomenon in which one can spend weeks on end debugging something using a multitude of techniques, give up in frustration and/or disgust for a couple of days, come back to the project and discover that somehow the bugs have magickally fixed themselves (as verified by diffs and file hashes if one cares to check).  The phenomenon is so named due to the second law of thermodynamics, which states that entropy can never decrease, only increase in an isolated system.  In other words, as entropy increases overall in the universe it somehow wiped out the bugs in question.  See also kinetic pattern baldness.

Neologism - Wires

Oct 27 2019

wires - noun - Person to person backchannels.

"I had to pull some wires to get that expense report fixed before the boss saw it."

Experimenting with btrfs in production.

Oct 19 2019

EDIT - 20191104 @ 2057 UTC-7 - Figured out how long it takes to scrub 40TB of disk space.  Also did a couple of experiments with rebalancing btrfs and monitored how long it took.

A couple of weeks ago while working on Leandra I started feeling more and more dissatisfied with how I had her storage array set up.  I had a bunch of 4TB hard drives inside her chassis glued together with Linux's mdadm subsystem into what amounts to a mother-huge hard drive (a RAID-5 array with a hotspare in case one blew out), and LVM on top of that which let me pretend that I was partitioning that mother-huge hard drive so I could mount large-ish pieces of it in different places.  The thing is, while you can technically resize those virtual partitions (logical volumes) to reallocate space, it's not exactly easy.  There's a lot of fiddly stuff that you have to do (resize the file system, resize the logical volume to match, grow the logical volume that needs space, grow the filesystem that needs space, make sure that you actually have enough space) and it gets annoying in a crisis.  There was a second concern, which was figuring out which drive was the one that blew out when none of them were labelled or even had indicators of any kind that showed which drive was doing something (like throwing errors because it had crashed).  This was a problem that required fairly major surgery to fix, on both hardware and software.

By the bye, the purpose of this post isn't to show off how clever I am or brag about Leandra.  This is one part the kind of tutorial I wish I'd had when I was first starting out, and I hope that it helps somebody wrap their mind around some of the more obscure aspects of system administration.  This post is also one part cheatsheet, both for me and for anyone out there in a similar situation who needs to get something fixed in a hurry, without a whole lot of trial and error.  If deep geek porn isn't your thing, feel free to close the tab; I don't mind (but keep it in mind if you know anyone who might need it later).


Echoes of popular culture and open source.

Oct 03 2019

(Note: This post is well beyond the seven year limit for spoilers.  If you haven't seen 2001 or 2010 by now, I can't help you.)

Many years ago, as a loomling, one of my very first memories was of seeing the movie 2010: The Year We Make Contact on cable.  That the first 'real' record I ever listened to was the soundtrack to that movie should come as no surprise, but that's not really relevant.  I was quite young so I didn't get most of it, but I remembered enough about it that it gave me some interesting questions (so I thought; I was six, okay?) to ask at the library later.  The thing that struck me the most about the movies was, unsurprisingly, the monolith.  The universal alien device, which manipulated proto-hominids on Earth by teaching them how to hunt, gather, and make war, as well as making unspecified changes to their evolutionary path; which served as a monitoring outpost; which implemented the endpoints of a vast interstellar (intergalactic? interdimensional?) wormhole network; which turned a gas giant into a miniature star.  If you like, the monolith was a universal key to unlock the mysteries of the universe and inspire growth and change.

Many, many years later I was a computer geek in my late teens, just dumb enough to think I knew the right questions to ask, just smart enough to know that I didn't know nearly as much as I should.  I knew that college was coming up one way or another and I'd have to get my ducks in a row to do work there and hopefully get some research done.  I also knew that it wasn't going to be easy.  I'd just graduated from a hotwired Atari microcomputer with a modem to a modest PC clone, a 386 cobbled together out of hand-me-down components, stuff I'd scavenged out of dumpsters, and the odd weekend trip to the computer show.  I knew that there was this thing called Ethernet, and the college I was going to had just started rolling out connections of same to dorm rooms, and it was a pre-req for a comp.sci major.  I also knew that I needed an OS that could connect to the Net somehow, but I didn't have the connections to get my hands on the new hotness back then, nor did Leandra have the specs to run it if I did.


Pen testing vs security assessment.

Sep 29 2019

A couple of weeks back while traveling I had an opportunity to spend some time with an old colleague from my penetration testing days.  Once upon a time we used to spend much of our time on the road, living out of suitcases, probably giving the TSA fits and generally living la vida Sneakers.  I'm out of that particular game these days because it's just not my bag anymore.  The colleague in question is more or less on the management side of things at that particular company.  Contrary to what one might reasonably assume, however, we didn't spend a whole lot of time reminiscing about the good old days, nor did we complain about all those kids on our respective lawns.  What we did do was have a conversation that I've been ruminating on since I got home.

A lot of business entities ask and pay for penetration tests - a team of relatively tame hackers goes to town on their infrastructure with little to no insider knowledge to see what they can get into (within certain limits, usually) and the client uses the results as their roadmap to figure out what they need to fix.  To a certain extent, this makes sense - sometimes the stuff that's broken doesn't make its presence known until somebody stumbles across it and gives it the business.  But... the way these things usually go is, the client fixes everything the red team tore through like a thermite lance through a baby's crib and that's about it.  They usually don't touch anything else, even to see how it stood up to second- and third-order effects.  And this is a pretty serious problem, as evidenced by the overall state of information security in the last quarter century.
