Posts

  • Inspiration + open source tools = blogging


    When does inspiration strike you? At what time of day is the best for you? Does it hit you in a wave or like high tide slowly creeps up on you? ... read more
  • Yubikey for sudo and login(s)


    PAM is amazingly flexible and playing around with it can render your system inoperable. So if you love the thrill of editing a file without testing you are going to love adding a yubikey as a login option to your system. ... read more
  • What happens when IO fails?


    A couple weeks ago, when my ingress controller traefik didn’t restart correctly, my blog & all other services went down. In a quick knee jerk reaction to ensure my services stayed up, I did a quick down && up on docker-compose, but it took a while. Specifically, it timed out when trying to bring up the container! How could docker timeout? What was happening? What is this random error traefik is throwing when it attempts to start? So many questions, and all the time in the world to investigate. So I buckled my 5 point harness and got ready. ... read more
  • Fishnet on Armv8 vs. x86_64


    Fishnet is Stockfish for Lichess Fishnet is a distributed system that runs Stockfish NNUE (Efficiently updateable neural network) to analyse games on Lichess. People around the world can donate their CPU time to help improve people’s chess games, find out how they blundered, and continuously improve. Fishnet is not the first system to be designed to take advantage of consumer CPU cycles. SETI@home & Folding@home were/are some of the biggest names (that I am aware of) that utilise this distributed cpu system. ... read more
  • The tale of the phantom server


    It has nearly been 12 months of what might be called the moustache growing competition of 2020. Also known as work from home life. I have begun to see how people can easily become accustomed to working for them selves. Being their own boss, and working whenever, or wherever they want. I’m still up in the air on the whole conundrum on deciding if work from home is for me. But the associated “downtime” has allowed me to take more time in poking around and sorting out my systems. Luckily I don’t have a huge amount of systems, but under my domain of pretty little flashing lights a new system had peaked my intrigue. It had been there for a while but I wanted to know more. I wanted it to tell me it’s secrets. What did this system do? Why was it created? I wonder how much of a scream test it will produce if I turn it off? You know, the usual thoughts one has in their head. What follows is a little retrospective mainly for myself, with the absence of any time frames. ... read more
  • Hi. Have you met ... Mailcow?


    Having an OVZ hosted server for what seems like forever is great up to a point. But their containerised nature ended up biting me in the ass. Being stuck on an ancient kernel for over 2+years, was the last straw. Enough was enough. It was time to move to a new hosting company; one that was local, one that wouldn’t break the bank when the some global pandemic crashes my exchange rate. But I was hesitent for a long time with moving as I was a bit dismayed about leaving my old IP address. I’d worked so hard to build up a nice reputation surrounded by some bad actors. But I just could not handle having a v2.6.32 kernel any longer. It was time for a change, and time to redesign how I hosted my applications. ... read more
  • Dark Theme for Minima is here


    I’ve been getting back into blogging as we are all staying at home for the foreseeable future and I’ve realised, whilst reading this blog at midnight, that it needs a dark mode, desperately. So others do not sear their own eyeballs attempting to read said articles. Luckily for me, what looks to have been less than a month ago, minima the super minimal theme that is basically the default for jekyll, are soon to be releasing a v3. As part of that v3 (inferring from their commit logs, and recently merged code), comes with new themes! ... read more
  • Open Source Maps


    A big problem I have with the current implementation of Google’s products is that if you are not online, your service will be a shadow of what you are able to do. In an age where we have mini computers in our pockets that are capable of so much more than figuring out how to get to go from point A to point B or finding out when the local cafe is open. Do we really need to rely on an internet connection for these items? Having the ability to be offline and still have a functioning device has been great for not only battery life, but worked great when hiking in rural areas, or travelling on the road, or just wanting to be “unplugged”. While this may not mirror your experience or items you may have thought of. It is a big enough differentiation that we need to be able to do something about it. Why do I need an internet connection? Why do companies need to know if I was at my local cafe? These were my original questions when searching for solution. ... read more
  • Alerting & Actioning on Security Mailing Lists


    An IT professionals job is not one I would wish upon everyone. Not only do you have users with the daily “crisis” that gets tagged urgent, with a subject line in all caps. Or a C-level executive who calls you on holiday to fix their tablet. We occasionally notice a new security patch that needs to be rolled out company wide. Openssl is one that comes to mind. Whether that be from a news article, a conglomeration of rss feeds, a PSA notification on /r/sysadmin or from one of the 50 mailing lists we are on. Most of the time, it’s the mailing list with an announcement. But we are only human. ... read more
  • New Jekyll Blog streamlined for that sweet content


    After a couple months looking at the current status-quo of templating engines, and how Ghost still does not have a proper implementation of a comment system, (which honestly is one of the biggest reasons for me), I’ve switched to Jekyll. ... read more
  • Wayback Machine whois Scanner


    The post from archive.org retroactive robots.txt and .gov .mil usage got me thinking about how data and sites, specifically URLs change hands for any reason possible. What constitutes a hostile takeover? What constitutes an acceptable change? Whilst reading the article, this quote struck me as something that could possibly be solved by internet magic. ... read more
  • Why rmagick/imagemagick fails to install on Ubuntu 16.04.2 LTS


    The problem is due to Image Magick updating their software! How dare they update their code, fix bugs, and make changes which are not backwards compatible with my software that is 5 years old. Deprecated, and completely out of any warranty what-so-ever. Obviously you should strive to update your code to be up-to-date with the latest versions. But sometimes… You just can’t, whether that be because of technical debt, lack of technical know-how, or lazyness. ... read more
  • Seo-Bro Ghost Theme Deprecation


    Seobro’s ghost theme is going to be deprecated, mainly due to my latest move to jekyll, and auto-building infrastructure. ... read more
  • Troubles in paradise; Gentoo Firefox build related issues with llvm, mesa, and amd64


    I could not wait to try the latest Firefox version after all the hype. I’ve been running Nightly on my Phone and my work computer ever since 57.0 landed in nightly (So 6 months ago?). I’ve finally got around to updating my main Gentoo box. ... read more
  • Reasons why I had to disable greylisting


    I’ve been using postgrey and greylisting in my personal mail setup for over 2 years and at my business for over 5. Sadly I’ve decided to disable it for my personal emails. My main problem? Greylisting works. ... read more
  • Mobile phone wars. Companies verses You. It's only your privacy at stake


    I had a chat today a while ago with my colleague about the new iPhone. And again when the new Google Pixel came out. Did they innovate? No. Did they do x,y,z, who cares, because that’s not part of the story. We are without a doubt the most concerned about our privacy and security of our devices, and in conjunction our respective lives. A thought came across my mind as we were chatting. He owns a Mac, an iPhone, and I’m sure possibly some other Apple device. How can he care about his privacy whilst using all these devices? ... read more
  • Setup debian updates over Tor via official onion links


    With the official debian.org onion links which can be found here: onion.debian.org and their official onionlink we can now update our servers via Tor. ... read more
  • IPv6 Implementation, DKIM/SPF for slowb.ro and a new DNS host


    Migrating to support IPv6 is something that I’ve wanted to do for a while. But it has never been a priority as Australia does not support IPv6 (or any type of “fast” internet, but lets not get started on that). As I’m basically the only one who uses my “services” it kinda doesn’t affect me. But nice to have none the less. ... read more
  • Programmatic blocking of referrer spam - Part 2; How SEO companies block it


    In Part 1 I talked about how we can use the analytics API to setup filters to block all the bad referrers. After a few months of testing, this is actually only the first part of the problem. ... read more
  • Renewing your Lets Encrypt/Certbot SSL certificate on nginx with zero downtime


    Disclaimer: Specifically the downtime is service nginx restart so its however long your nginx service takes to start, which for me is a fraction of a second. Lets Encrypt certificate for any nginx application Already there has been a huge increase of Lets Encrypt/Certbot certificates since its release out of beta. Knocking off the 2 million certificates milestone and then 3 million within 17 days. That’s 58823 certificates per day. Absolutely amazing. It just shows how much people care about their security, and how easy it has become to generate, renew, and revoke a SSL certificate. ... read more
  • Fix: SpamAssassin "RCVD_REMOVED=3.75" which is tagging all your mail as spam


    Issue: The reason is because Spam Assassin or another program such which uses the same lists as Spam Assassin, have added a new policy. ... read more
  • Ask Siri to bypass your passkey on Apple iOS v9.0, v9.1 & v9.2.1


    Update: Multiple people have disproved this. It looks from the video that he might be using TouchID instead. So its not a bypass at all. ... read more
  • Integrating a comment system which cares about your privacy into ghost - Part 1


    Part 1, How to add Isso comment system to your ghost blog. (As long as you have your own server. If you are wondering when I get to actually installing Isso, scroll down to the next heading to get straight into the nitty-gritty). ... read more
  • Fix vi/vim error: E45: 'readonly' option is set (add ! to override)


    Issue: Ever started editing a document only to find out that when trying to save it :w or :wq, you forgot to open it with sudo? Vim knows what to do and gives you a hint saying “add ! to override”. ... read more
  • Using both argparse and sys.argv in the same script for backwards compatitbility


    Edit: Since writing this article and recently re-reviewing it, I want to scrub it from existence as I’m appalled at my choice. Argparse already had this feature in build and can work with positional arguments no problems. Ah well! ... read more
  • Current projects or terribly formed Ideas


    The following page will be a list of ideas that I’ve half cocked and will serve as a reminder that I never really finish anything. If an idea has already been explored, or you believe it has already been answered, or have some links to whitepapers on the matter, Please don’t hesitate to leave a comment at the end of this page. ... read more
  • Blocking Google Analytics Referrer Spam via Filters with python


    My followup post (with correct information)is here: https://blog.slowb.ro/programmatic-blocking-referrer-spam-part-2-the-correct-way-for-seo-companies/. Please do not implement the following filters, only use this information as a refresher course on spam, and referrers in general. ... read more
  • Running a tor node isn't all its cracked up to be... but its super easy!


    Update 25/May: Included instructions for obfs4 and obfs3 ... read more
  • Wordpress XML Parsing Error for sitemaps


    If a client ends up breaking their sitemap we’d usually have the arduous task of finding somewhere in wordpress the extra one or two white space before and after the php tags <?php and ?> If you do not have shell access to your wordpress directory, then I suggest checking your wp-config.php in the root directory, and remove all excess spaces at the top. And then checking your functions.php in your theme directory for the extra spaces. ... read more
  • Google Analytic's Code Scraper


    For SEO purposes, I mocked together a quick script to scrape clients websites to make sure that they had Google analytics setup on their sites. It searches for the known code “UA-“ which is the standard starting letters for Google analytics. Go and try it out! (On sites that your allowed to scrape that is! :P) Yes I am well aware there are many caveats, such as any enterprise tracking or non-google, but for a low tier website hosting company this sufficed plenty. ... read more
  • Enable SSL mysql database connections for your wordpress installation


    Update: Add the following to wp-config.php to enable SSL in Wordpress 3.6+ define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL); Then run a tcpdump on your box to confirm that it is connecting via SSL. ... read more
  • Log rotation for passenger applications


    So I was given the arduous task of creating a log rotation script for our ~150 passenger applications. ... read more
  • Terminal capability cm required


    Problem: Commands like vim / vi / crontab -e all throw an error about “terminal compatibility”. This is because your TERM value is set to “screen” as you are no doubt connecting to a box inside a screen session, or are just using screen. ... read more
  • FFmpeg Aac to Mp3


    Quick and dirty one liner to encode (Multiple) AAC files to MP3 via FFmpeg IFS=$'\n'; for item in $(find . -iname '*.aac'); do enditem="" ; enditem=`echo $item | sed 's/.aac/.mp3/'`; ffmpeg -i $item $enditem ; done If your using zsh you can use in-line parameter expansion IFS=$'\n'; for item in $(find . -iname '*.aac'); do ffmpeg -i $item ${item/\.aac/\.mp3/}; done Reason: I recently started using streamripper to rip my favourite audio stream, and after a week i finally had a great collection of songs, and then I realised that it was aac and for some reason android doesn’t like aac. DOH! ... read more
  • Gameboy Emulator in HTML5 and Javascript, with save features


    tl;dr people: HTML5 + Javascript Gameboy with Save functionality I want to play now! ... read more
  • HELO_DYNAMIC_IPADDR tagged mail from an AWS EC2 instance


    Updated: 10th Feb to include a postfix answer as well as a Ruby on Rails answer. ... read more
  • Aperture Science Logo from Portal in ASCII


    Share it, Love it, This is not a lie. ... read more
  • A "call home" script for any linux box, and especially useful for a rasberry Pi


    I really wanted a call home script! I searched and searched I tell you, but none could come to suffice. I couldn’t believe there was not another user who hadn’t had this problem. Sure, I could just install a “remote access trojan” in it, but it just wouldn’t be the same. (And where would the fun be in that) ... read more
  • Setup a Ruby on Rails, Passenger, Nginx running on an AWS EC2 with RDS.


    Here is a slimline walkthrough for getting a complete setup and working AWS EC2 Ruby on Rails instance. For this walkthrough we will be using rails version 2.3.15 and using bundler for the gems. We will also be using an RDS instance which requires knowing your root user’s password. ... read more
  • Create an SSH based VPN


    So if anyone’s like me, you like to have a billion terminals open, each one monitoring our latest servers, but you also like to connect to your home servers. ... read more
  • Setup a Mutli-User Seedbox on Ubuntu


    As prices on VPSes and dedicated servers continue to drop, more and more people in the torrenting community are getting seedboxes. While there are many managed options out there, often the best deals are managing your own server. Setting up a seedbox is easier than ever before with how much info is freely available. All one really needs is the ability to reasonably navigate command line interface, DuckDuckGo, and patience. It also helps to get involved in a community that can help you (IRC or forum). ... read more
  • Monitor your passenger applications via SNMP


    Basic Idea: Monitor the output of the command passenger-status, “Active Sites, Total Running, and Waiting Sites” ... read more