Blog

Like a lot of systems folks I use sed, a lot. It is probably an unhealthy amount of sed use but so be it. I operate on a lot of Linux servers but my desktop environment of choice is Mac OS X which means BSD tools (not the Linux-y GNU tools). The differences are relatively subtle between BSD sed and GNU sed. However, most of my work is done through iTerm (a literal black box). I frequently find myself diving down rabbit holes and I really do not want to have to remember the differences between BSD and GNU sed. I want the same sed everywhere so I compile GNU sed on Mac OS X: ...

Few things irritate me more than poorly documented dependencies. If your tool or software documentation states you can install your widget with one command and it does not work you are probably annoying people. Consider this a running list of tools and their often not well documented dependency chains. Feel free to chime in with your examples in the comments. Ansible Ansible is one of my favorite tools has many installation options. I tend to need the latest features so I end up using pip to install Ansible. On CentOS 7 and Red Hat 7 the Ansible dependency chain has been growing lately: ...

A few weeks ago a co-worker and I were discussing some things we really enjoyed about our work environment. It reminded me of a few key questions I ask (or things that I look for) during an interview that typically indicate whether or not a job is going to be a good fit or not. What do you use for e-mail? It is a simple question but the answer tells you a lot about a company. It should be a two part answer for technical positions. On the desktop side, the answer should be a SaaS or Cloud based solution (Google, Office 365, etc.). On the server or infrastructure side, the response should be “a vendor” or “a third party”. ...

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all Or you can be very granular and use an Ansible Playbook to audit and patch samba packages: 1 2 3 4 5 6 7 8 9 10 --- - hosts: all tasks: - name: Check if samba packages are installed shell: "yum list installed *samba* | awk '!/^Loaded|^Installed/' | cut -d ' ' -f 1" register: yum_samba - name: Update samba if installed yum: name={{ item }} state=latest when: yum_samba.stdout != "" with_items: '{{yum_samba.stdout_lines}}' A similar Ansible Playbook for a Debian based system would look something like this: ...

As more and more security policies demand the use of multi-factor authentication the number of times a day you use a multi-factor token will increase. Hopefully that number will not increase to a level that throws the balance of security and convenience towards the annoyingly secure side of the scale. But, if that ever does happen hopefully you can use an Yubikey as your token. There are various sizes and styles of Yubikey to suit your need but the Yubikey of choice with myself and my co-workers seems to be the FIDO U2F ready Yubikey Nano 4. ...