Integrity in the brave new world
Reply
Category Archives: Uncategorized
Alternatives
Status
Trying to weight the pros and cons between two alternatives.
Several hours later, I now have three alternatives.
I’m not good at this…
Samba denied on FreeNAS
If you recently discovered that some of your authenticated samba shares on your FreeNAS refuse to well authenticate. And maybe you did your own investigation and found that it failed with NT_STATUS_NO_SUCH_USER. Do not worry, you are not alone!
From what I understand, the last update changed the constraints on the user accounts metadata. In particular it seems that the E-Mail field must now point to a real e-mail address (something@domain) and cannot just be an alias to another local user.
Don’t know if that’s intended or not or why it would be. Going to IRC right now to find out.
Long story short, users that don’t match the new constraints are not recognized anymore by samba (and probably other services too), hence the permission denied and NT_STATUS_NO_SUCH_USER. So for those user using a local alias as E-Mail, use a fully qualified E-Mail. That will fix the shares. However it seems that "user"@localhost doesn’t work either. And you will also have to retype their password.
Wrong OS version in pkg
If FreeBSD’s pkg refuses to update because of a wrong OS version, for example because you are in a FreeNAS jail and version mismatch are bound to happen, then you can always try to force the OS version in pkg (which you can find with uname -UK. Either put OSVERSION={{version}} in /usr/local/etc/pkg.conf or start it with pkg -o OSVERSION={{version}} where {{version}} is the target version, for example 1101001.
Sshguard, PF and FreeBSD
We recently had a problem with sshguard. Some IP that were blocked were still able to send packets through because the associated states were not killed properly with pfctl -k $ip. We used an older version until then, so I just did an upgrade to the latest port.
From this point however sshguard did not block anything anymore. In fact it didn’t recognize the correct backend to use to block those IP. Not sure if we always have to specify it manually in the configuration or if there is some kind of broken-autodetect. But you can force the backend inside the configuration file in /usr/local/etc/sshguard.conf (see /usr/local/etc/sshguard.conf.sample):
BACKEND="/usr/local/libexec/sshg-fw-pf"
Women In Science
Multi-single line comments
// Anyone who comments like this // reads like the non-K&R type.
No offense but that’s literally the truth.
WHAT.THE.ACTUAL.####
Aside
underlying hypernova
Nothing fits the angriness, rage, and sadness.
Everything just explodes with no before nor after.
All the walls break, little perks in the wind.
A never ending unfolding sound of broken glass,
everlasting high pitched pink pain.
Sure there can’t be more out of hundred millions electron-volts,
sempiternal ill witched red rain.
Is there a prime number whose…
Is there a prime number whose binary representation looks like a giraffe?
Yes!
like another prime number?
Yes!
like a prime number of giraffes?
YES!
like Squidward Tentacles?
Heck Yeah!
You’ve probably understood the mechanism by now. Converting a binary image into a number, its nearest upper prime generally only differ in the lesser significant bits, hence most of the image pattern stays the same. So finding a prime number whose binary representation looks like a specific image is relatively easy. I say relatively, because in a computer sens it is quite really complex.
I just wrote a program to do just that. It is written in C and uses GMP. It is around 1k SLOC. It could probably have been much shorter, and even less so in another language. But I wanted something that went a little further than just of simple proof of concept.
I must admit, it’s pretty useless. But still there it is. And there is still much room for improvement. So patches are welcome on GitHub.
Союз
Aside
Союз, куда ты пропал?
Союз, где ты сейчас?
От снегопада до снеготаяния.