My blog

Blog

  • Linux UX improvements

    1. Fish as a shell. I like the fact that out of the box it does what it should do and what I configure in Bash. And I like abbreviations.
    2. ripgrep which is faster grep
    3. Bat which is a way better cat
    4.  ???
    5. lolcat!

  • List of bash tutorials

    Just not to forget

    http://mywiki.wooledge.org/BashGuide/Arrays

  • My Android speedup tuning

    Putting notes not to forget.

    Case: Sony Xperia Z5compact is very slow and become hot on even a minor usage. After reading a lot of articles on the internet:

      • Turn off image enhancement in settings.
      • Change launcher to Microsoft Arrow. I really like it and it’s light.
      • In Developer Mode: limit background processes to 4 (20 is default), force GPU usage for everything (2 related settings).

    Actually the main reason why the phone is slow is that the Android available for this model (Greece Vodafone) is 6.0 and there is only 2 GB RAM onboard. 50% of it is used by “Android System” 🙁

  • Simple fail2ban log file parcer

    I have written simple fail2ban log file parcer in Golang that finds banned IPs, makes a struct with date, time and IP and a map with IP as a key and count as a value. I am thinking of nmapping the values I’ve got and making a report out of them. (more…)

  • Перевод Designing an Authentication System: a Dialogue in Four Scenes (часть 2)

    Предположим я скопировал аутентификатор и билет пока они пересекали сеть. Мне придётся изменить сетевой адрес моей рабочей станции и моё пользовательское имя. И всё это я должен проделать за пару минут. Это довольно высокие требования. На самом деле я не думаю, что это возможно. Если только … . . .

    (more…)

  • Перевод Designing an Authentication System: a Dialogue in Four Scenes

    Надо сохронить, так как этот полезный текст остался только в Веб Архиве.

    Copyright 1988, 1997 Массачусетский технологический институт. Все права защищены.

    Билл Брант (Bill Bryant), февраль 1988.

    Отредактировал и подготовил HTML вариант — Теодор Тсо (Theodore Ts’o), Февраль, 1997. Также добавлено приложение описывающие изменения 5-й версии протокола Kerberos. (more…)

  • Google Accounts engine problem and Gnome 3

    I have login.keychain corrupted in my Gnome 3 enabled workplace due to the recent Google Accounts engine problem. For some reason it has become completely unusable, Gnome Keychain was unable to unlock it, Google Chrome stopped loading sites, goa-daemon died (as usual) and Evolution has stopped getting mail.

    Goog Friday morning frustration.

  • OOM-killer fun

    Recently I had installed RHEL 7 FreeIPA test lab on my workplace. I have made virtual host with default 1GB RAM, installed the system, enrolled it into the IPA domain OK, then tried ipa-replica-install. Turns out that 1GB is not enough and OOM-killer tries to solve the problem by killing processes that ipa-replica-install had spawned. Surprisingly turns out that for some reason the script is not detecting errors caused and you have strangely configured replica as the result.

  • AD + SSSD

    If you have host in the AD with the SSSD then your root user can be any user from the domain. So

    %groupname ALL=(ALL) NOPASSWD:ALL

    would actually give permissions to all users from the “groupname” to become any AD user they want, and if they’re SSH’ng the localhost then, they would have Kerberos ticket as well. It is not actually that evident, but Active Directory is an identity provider, so if you are superuser on the host — you can be AD user on the host.

  • Debugging IDM

    One of the most frequent cases I have is that “sometimes” and “somewhere” user is not getting authenticated. Trying to SSH to the host works for some users not always, “id username” returns errors sometimes — it’s all the same problem in the environment with LDAP replication. It does not actually matter what kind of the LDAP server or domain controller is being used, always check:

      1. Enable debug log on the client. If the client is SSSD, add “debug_level = 9” to the /etc/sssd/sssd.conf and then restart it. Invalidate its cache if possible.
      2. Repeat the test so you would see the error.
      3. Collect the log file from the client. You would see what server it has queried to get the information.
      4. Check server’s log. Most likely there is no requested information on this LDAP instance due to replication issues.

    This would help to identify and fix the problem.