… but the beer is very cheap. Which I know is an important thing for my readers. I can also agree with their choice of food, lots of pork and goulash with stodgy dumplings and thick sauce. Pig knuckle is much nicer than it sounds. I spent a long weekend in Prague, it was -10 for most of it but luckily the city isn’t very big and you can reach all the usual tourist spots by foot if you’ve got a day or two. Read on →

Penetration testing is tactical. It provides tangible, actionable information – Ivan Arce It’s been a while since I’ve been involved in pen testing but the above quote from Ivan is perfect and its meaning all too often overlooked. When you invest the time in something like pen testing or performance tuning you should always come away with a list of actionable tasks. By doing this you ensure the work wasn’t pointless (or if it was avoid repeating the mistake) and have something you can present to stake holders to get buy in for the next time. Read on →

Ever wanted to limit the number of ssh login attempts a user can make before their account gets locked? Well, not really, but when brute force tools are so common and easy to use it’s another useful trick in the sysadmins arsenal. In this example I’ll show you how to install, configure and audit failed ssh loging attempts on Linux. While the PAM mod_tally module is available for a number of different distros and Unix variants we’ll set it up on Debian. Read on →

It’s been another day of many DNS changes and while the work itself has been amazingly dull, life draining, scut work at least one positive thing’s come out of it - my appreciation for the Net::DNS perl module has grown. While it’s possible to do nearly anything DNS query related with the dig command it’s a lot easier to extract the data and reuse certain fields if you have access to a decent data structure rather than grepping bits of text out. Read on →

Adhoc changes are a very bad thing in many ways, one of the worst is how often they are not fully implemented across all the servers or even pulled back to staging. In an attempt to sanity check the config files when we have to make these little hacks I oddly-proudly present - rd-differ. A tool for diffing config files over multiple machines. The idea is simple, you tell it the file or directory you’re interested in, specify a single machine as the baseline and then specify a number of others as the machines to check against it. Read on →

Today has been one of those death by a thousand cut days. We did a migration first thing in the morning (I’m not supposed to be awake at 6am unless it’s from a really late night) and while all the big bits were planned and moved successfully the work list was missing enough little pieces to make the rest of the day very annoying. What made the work a lot harder was that the changes had to be made through a web front end that abstracted about 20 seconds of vim in to four minutes of clicking buttons that were never in the same place twice. Read on →

Stemming is the process for reducing inflected (or sometimes derived) words to their stem, base or root form. – Wikipedia article on Stemming Ever used a website that allowed you to tag content? Ever ended up accidently using slightly different tags? Something like graphs and graphing or blog and blogs? (I hope so, otherwise it’s just me…) To spot some of the more obvious overlaps you can stem each of the words and look for a common base. Read on →

The only books on capacity planning I’ve ever skimmed my way through have been dense, dull tomes of long mathematical formulas, advice that’s hard to use in any practical way and page counts in the treble digits. Thankfully John Allspaw has bucked this trend with The Art of Capacity Planning and instead written a slender, thought provoking, book. The main focus of the book is that measurement is good, blind guessing is bad and that capacity planning, like security, is an ongoing process. Read on →

Near the middle of December I lost a very dear, and constant, companion - my Sony Vaio ‘some model number or other’. After nearly five years the laptop stopped charging and it wasn’t worth paying for the repairs. I put off getting a replacement for as long as I could but while I had the work laptop as a standby I needed a machine I could treat as my own. Something outside the company security policy. Read on →

I recently watched the first in the series of the Pragmatic Programmers Erlang in Practice Screencasts (by Kevin Smith - no, not that Kevin Smith). As I’ve not seen them discussed that much else where I thought I’d jot down my thoughts. First up a disclaimer/warning - I’m not an Erlang person and despite the title of ‘Episode 1’ this series of screencasts is not aimed at people with no experience in the language. Read on →