Add security group to all ec2 instances

If you ever need to take over management of an AWS farm, it’s very likely you will need to attach SG to all instances. Be that for monitoring or access. Here is a bash script to add 1 SG to all instances. You will need to first setup a profile on awscli. Then run the script with the profile name as first argument, and the SG id as the second.…

Read More

Building my first Linux package

Let’s take a look at how to build a really simple Linux package. The most common package formats are definitely .deb and .rpm. One will find them on Debian-variants and Redhat-variants respectively. In the following examples, a package will be created and it will contain 1 script.The script depends on Python so I want the package management tool to handle that for me too. The script’s name is goldenRatio.sh and…

Read More

php debugging

There are a couple ways to debug php applications. We can enable core dump and/or install Xdebug. Enable php core dump on php-fpm First instruct the kernel to write core dumps to /tmp. On some system, dumps are fed to abrtd.

In php-fpm.conf, add the following

Restart php-fpm and use gdb to debug the dump files. To get the most out of the dump files, install the debuginfo…

Read More

kubernetes quickstart

kubernetes and docker In this post, I’ll be deploying a docker cluster running a number of nginx containers. Bare with me though as I am still learning about kubernetes and docker. Machines The master node will be controlling the worker nodes. Deployments will not run on the master node itself. From my experience, at least 1.5Gi of memory is needed for these machines. k8s-ms | 10.0.0.165 k8s-wk1 | 10.0.0.44 k8s-wk2…

Read More

ipfs

Brought to my attention by a friend, I gave ipfs a try and here is what I did to get started:

The file is stored locally under the blocks directory:

Once a file is added to ipfs, it cannot be deleted. References: https://ipfs.io/docs/commands/

Read More

Take LVM snapshot before ubuntu upgrade

Ubuntu upgrade can be a challenge Ubuntu 18 is coming up in a few months. I started using Ubuntu on my machine since version 9.10 and it has gone through 8 upgrades. I’m running 17.10 now. If memory serves me right, my system crashed 2-3 times during these upgrades. In fact, those were the only downtime I have on this machine. In the early days, upgrade isn’t very mature IMO.…

Read More

Trade security with performance

The recent CPU flaw caused quite a mess. Most recent linux kernels have the problems patched, but what if I am willing to trade security for performance? I’ll need to compile my own kernel and here is how to do that on Ubuntu 17.

First, we need to make oldconfig. Basically copy the kernel compile config from Ubuntu and decide whether new features should be enabled

Here I…

Read More

Why the hack?

Why attacking and hacking – proof of concept – causes service interruption – utilize compromised systems to attack other targets – steal compute power – build zombie network – ransome – attention seeking – personal reasons How does it happen – Webhack exploiting vulnerable apps or scripts – SQL injection – Overflow boundaries – Brutish password hack – Social hacking – Affected by compromised neighbors particularly in muti-tenant environments –…

Read More

Meltdown and Spectre CVE-2017-5715

Numerous posts and announcements have been made available in past 48 hours[1]. I don’t want to embarrass myself trying to describe what they’re about. Here I want to measure the performance penalty for the kernel patch. Kernel update has been made available on CentOS 7 (3.10.0-693.11.6.el7), roughly 12 hours behind Redhat. Here is a quick test of mysql sysbench on a small instance on aliyun, AWS, and Azure. No impact…

Read More