Code Spaces break-in lessons: using your infrastructure provider for backup is a single point of failure

June 30th, 2014

Summary of the events of the Code Spaces break-in: Code Spaces was hosting their services on Amazon Web Services VPS infrastructure. An attacker managed to gain access to their AWS administration console account and, after his demands for ransom were not answered, proceeded to delete all the data in the account.

The disaster recovery plan for Code Spaces was based on having machine images and data backups stored in AWS, so the same account deletion wiped out the backups too, everything was gone, and Code Spaces basically had to shut down.


Why I hate 4K displays

June 18th, 2014

Well, I don’t hate very high resolution displays at all (you might call them UHD displays?), but the name “4K” is really stupid – so please stop using it.

What is it 4000 of anyway? Can anyone tell me? Hint – no, it doesn’t have 4000 pixels, nor 4000 scan lines, nor 4000 of anything, nor even anything else that is divisible by 4000. Although the horizontal resolution is almost 4000 (actually 3840 pixels wide), and while Wikipedia will have you believe that is the reason for the name, it is not so.

No, the reason is so much stupider than that: the name “4K” is because “4K displays” are 4 times larger (in pixel count) than 1080p displays (1080 being about 1K). This is so stupid because, while UHD displays do indeed have 4 times the pixels of a 1080p (“1K”) display, the 1080 in the name does not relate to the number of pixels – it is the number of scan lines in the picture – of which a UHD display has only twice as many. But “2K” just doesn’t have the right ring to it… so the branding masters made do with what they have. Sooooo stupid…

What to do when your virtual private server is really slow

June 8th, 2014

Ok, this is not a real solution for all types of problems – just a tip, that worked for me today, to try out if you can’t figure out what the problem is.

I’m running a VM on Amazon EC2, and looking at top, I saw that most of the CPU time was spent either in “steal/guest” or “IRQ”. Now steal/guest is kernel speak for “I wanted to allocate some CPU time for programs, but the hypervisor stole it” – which is not surprising on a virtualization solution, but if it happens all the time then that means that your physical host is constantly loaded by other VMs that take as much CPU time as they can. The second item, “IRQ”, is time the kernel spends handling interrupt requests from the hardware. This shouldn’t consume a significant amount of time unless the hardware has a problem – another good indication that you want to move your VPS to another physical host.
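The same measurement the post makes by eyeballing top can be taken from two samples of the “cpu” line in /proc/stat, which makes it easy to run unattended and alert on. The script below is an added example, not code from the original post; the 10% thresholds are my own choice, and the sample lines in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report the share of elapsed CPU time
# spent in steal and in interrupt handling, from /proc/stat instead of top.
#
# awk fields of the /proc/stat "cpu" line:
#   $2 user $3 nice $4 system $5 idle $6 iowait $7 irq $8 softirq $9 steal
#   $10 guest $11 guest_nice
# guest time is already counted inside user/nice, so it is left out of the total.

# steal_irq_pct "LINE_BEFORE" "LINE_AFTER" -> "STEAL% IRQ%" as integer percentages
steal_irq_pct() {
  printf '%s\n%s\n' "$1" "$2" | awk '
    NR == 1 { for (i = 2; i <= 9; i++) before[i] = $i }
    NR == 2 {
      total = 0
      for (i = 2; i <= 9; i++) { d[i] = $i - before[i]; total += d[i] }
      if (total <= 0) { print "0 0"; exit }      # no elapsed time, nothing to say
      steal = d[9]; irq = d[7] + d[8]            # irq plus softirq
      printf "%d %d\n", 100 * steal / total, 100 * irq / total
    }'
}

# verdict STEAL% IRQ% -> 0 when the host looks healthy, 1 when it is worth migrating
verdict() {
  if [ "$1" -ge 10 ]; then
    echo "steal above 10%: the hypervisor is handing this VM's CPU time to neighbours"
    return 1
  elif [ "$2" -ge 10 ]; then
    echo "irq above 10%: the physical host may have a hardware problem"
    return 1
  fi
  echo "host looks fine"
  return 0
}

# check_host [INTERVAL_SECONDS] -> sample twice, print the shares and the verdict
check_host() {
  interval="${1:-5}"
  before=$(head -n 1 /proc/stat)
  sleep "$interval"
  after=$(head -n 1 /proc/stat)
  set -- $(steal_irq_pct "$before" "$after")
  echo "steal: $1%  irq+softirq: $2%  (over ${interval}s)"
  verdict "$1" "$2"
}

# Run a live check only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
  check_host "${2:-5}"
fi
```

Run it as `sh check-steal.sh --live 10` from cron and let the non-zero exit status page you; a sustained steal percentage is the “noisy neighbour” case from the post, and a sustained IRQ percentage with no obvious I/O load is the hardware case.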


Script Day: Upload Files to Amazon S3 Using Bash

May 26th, 2014

Here is a very simple Bash script that uploads a file to Amazon’s S3. I’ve looked for a simple explanation on how to do that without perl scripts or C# code, and could find none. So after a bit of experimentation and some reverse engineering, here’s the simple sample code:


Recipe: amazing beef meatballs

May 17th, 2014

Or at least that is how the original was[1]. Healthy beef meatballs (if you are not anti “red meat”), since they contain no bread and are baked in the oven, so most of the fat comes out during cooking. Tried several times so far, successfully.

  1. As usual, a recipe I borrowed from a few places on the internet and adjusted to my taste

Script Day: SSH to a host behind a NAT

April 27th, 2014

I use SSH daily to work with different remote services, and it’s always a very straightforward process… unless the remote server you want to work with is on a LAN somewhere behind NAT[1]. When you need to access such an internal server, the only option is to SSH into the firewall[2], and then SSH again to your server of choice.

But there’s a better way, and you don’t even have to fiddle with the firewall server!

(this is not actually a script, though minimal text editing is required)

The solution is actually quite simple: set up an alias in your .ssh/config file that you can use to call the remote server when you are outside the LAN (if you are inside the LAN it’s better to access it directly), and for that alias we will set up a ProxyCommand that tells SSH to first access the firewall server and open a tunnel to the target LAN server.

It looks like this:

Host remote-alias
ProxyCommand ssh firewall-user@firewally-server nc lan-server 22

This setup works best if your access to the firewall-user account is without password or passphrase (using an SSH private key that is either without passphrase or already loaded in the agent); then the login is as streamlined as direct access – at worst you’d need to type in two passwords.
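To keep the alias out of hand-edited config files, the stanza can be generated and installed by a script. The one below is an added example, not from the original post: it emits the post’s ProxyCommand form but uses `ssh -W %h:%p` on the firewall instead of nc (so nothing beyond sshd is needed there, and the LAN server’s host key is still checked end to end by your client), plus the ProxyJump form that OpenSSH 7.3 and later accept. The host and user names follow the post; the function names, the `~/.ssh/config` handling and the `ssh -G` check are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate and install an ssh_config
# stanza that reaches a LAN host through the firewall.

# jump_stanza ALIAS JUMP_USER@JUMP_HOST LAN_HOST [PORT] -> stanza on stdout
jump_stanza() {
  alias_="$1"; jump="$2"; target="$3"; port="${4:-22}"
  printf 'Host %s\n' "$alias_"
  printf '    HostName %s\n' "$target"
  printf '    Port %s\n' "$port"
  # %h and %p are expanded by the client from HostName/Port above; -W makes the
  # firewall's sshd relay the bytes, so no nc and no shell are needed there.
  printf '    ProxyCommand ssh -W %%h:%%p %s\n' "$jump"
}

# jump_stanza_modern ... -> same, with the one-line ProxyJump form (OpenSSH >= 7.3)
jump_stanza_modern() {
  alias_="$1"; jump="$2"; target="$3"; port="${4:-22}"
  printf 'Host %s\n    HostName %s\n    Port %s\n    ProxyJump %s\n' \
    "$alias_" "$target" "$port" "$jump"
}

# install_stanza CONFIG_FILE ALIAS JUMP LAN_HOST [PORT] -> append once, refuse duplicates
install_stanza() {
  cfg="$1"; shift
  if [ -f "$cfg" ] && grep -q "^Host $1\$" "$cfg"; then
    echo "alias $1 already present in $cfg" >&2
    return 1
  fi
  [ -s "$cfg" ] && printf '\n' >> "$cfg"   # blank line between stanzas
  jump_stanza "$@" >> "$cfg"
  chmod 600 "$cfg"                          # ssh refuses group/world-writable configs
}

# show_effective CONFIG_FILE ALIAS -> the settings ssh would really use for the alias
show_effective() {
  command -v ssh >/dev/null 2>&1 || { echo "ssh not installed, skipping check" >&2; return 0; }
  ssh -G -F "$1" "$2" | grep -Ei '^(hostname|port|proxycommand|proxyjump) '
}

# Usage: sh ssh-jump.sh remote-alias firewall-user@firewall-server lan-server [22]
if [ "$#" -ge 3 ]; then
  install_stanza "$HOME/.ssh/config" "$@" && show_effective "$HOME/.ssh/config" "$1"
fi
```

After installing, `ssh remote-alias` works exactly as in the post; `ssh -G remote-alias` is the quick way to confirm which stanza won when several `Host` blocks overlap.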

  1. a router that does Network Address Translation, so the server’s address is not accessible from outside the LAN
  2. or some other server that has legs both inside and outside the LAN – I’m using a DNATed server, what most off-the-shelf routers incorrectly call a “DMZ”

ifttt is a new service that lets you connect internet services one to another

December 2nd, 2013

For example, when I post to my blog, it will automatically tweet my post on my behalf – on my twitter account (automagically). Is it awesome or not?

BTW – “tweet” or “twit”? How does one “operate” in twitter?

The unbearable lightness of ID numbers on the internet

November 8th, 2013

More and more annoyingly (as the pilot of the biometric database goes on and threatens to bring disaster upon us), all sorts of completely trivial websites demand that we, the citizens, supply them with our unique identifier in the government’s database (the biometric one and the non-biometric one), that is, the “ID card number”.

I am not at all sure what right random commercial companies have to demand this detail from us, but I am fairly sure that I am not obligated to supply it, and it is really annoying that they demand my identity as a condition for selling me a cinema ticket, or other trivial things.

Because I am sure it annoys you too, and because I think the whole practice is stupid (even if it is legal, and there is a slight suspicion that it is not), here, at your service, is an Israeli ID number calculator:

For convenience, the page above is smartphone-friendly, and its direct address is: https://geek.co.il/articles/israeli-id.html

One more point: it was suggested to me that using an ID number that is not yours on a service provider’s site is a violation of the law – a kind of identity theft. I don’t think that is the case – and I would be happy to hear your opinion on the matter, but to be on the safe side:

  1. Building the software above is in no way a recommendation to present ID numbers that are not yours to service providers and others. If you choose to do so, it is at your own responsibility alone.
  2. If you nevertheless choose to present ID numbers this way, I recommend choosing numbers that are unlikely to be in use, such as numbers that start with three zeros or three nines.

Open letter to Karen Sandler and Bradley Kuhn of “Free as in Freedom”

October 20th, 2013

A public response to “FaiF oggcast 0x43”, or at least to the second section (after the FOSDEM talk recording, starting at 0:54:31):

Sometimes you guys just drink your own Kool-Aid while being completely out of touch with reality. This is a prime example – in FaiF 0x43, at 1:12:40 Bradley says “Proprietary Javascript … is the new form of [vendor] lock-in, and People are locked in to GitHub”, which is just the worst of a long tirade in which Bradley compares people who create useful services and want to finance them – while contributing to open source and free software – to the worst proprietary software vendors, for the crime of creating their website with unlicensed Javascript code. All the while Karen just says “yes”.


Recovering InnoDB Tables In MySQL 5

April 27th, 2013

The following procedure can be used to recover InnoDB database tables from a backup of a MySQL server that had the “innodb_file_per_table” setting enabled but whose metadata (in the “ibdata*” files) was lost – for example due to a server crash.

The process involves two steps:

  1. Recover the table structure from the .frm files
  2. Recover the data from the .ibd files (InnoDB tablespace)

There is a lot of copying of the backed-up files over and over to the MySQL datadir, so it’s useful to have the backup available on the database server machine. In my setup the backup for the databases was copied to the directory “backup” under the database’s datadir, so – for example – for the table somedb.sometable there exist files somedb/backup/sometable.frm and somedb/backup/sometable.ibd.

Additionally, the process for recovering the table structures creates a lot of superfluous metadata in the InnoDB data files, so after the first stage I’m going to destroy the InnoDB data files and let the InnoDB engine regenerate them – as a result any existing InnoDB tables will be destroyed. This is important, so I’ll reiterate: using the procedure detailed here will destroy any existing and working InnoDB databases! So this procedure is useful for recovering a destroyed database server onto a new server, or as a temporary measure on a temporary server, to be able to dump the data to SQL files that will later be loaded into an existing server.

There is likely a way to do this which is less heavy-handed – for example, check out this article from Percona’s MySQL blog – but for my purpose this is enough.
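Step 2 of the procedure (getting the data back from the .ibd files once the table definitions exist again) lends itself to a script, since it is the same three operations per table and a slip in the copying is easy to make by hand. The script below is an added example, not code from the original post: it uses the post’s backup layout (somedb/backup/sometable.frm and .ibd under the datadir) and assumes step 1 has already been completed for each table. The `ALTER TABLE ... DISCARD TABLESPACE` / `IMPORT TABLESPACE` pair is the standard innodb_file_per_table mechanism for swapping a tablespace file in; that it is how the post carries out step 2 is my assumption. Function names and the `MYSQL` / `MYSQLDUMP` overrides are mine.

```shell
#!/bin/sh
# Added example (not from the original post): per-table tablespace restore for
# step 2 of the recovery, using the post's DATADIR/DB/backup/TABLE.{frm,ibd} layout.
# Assumes the table definitions were already re-created (step 1) and that the
# server is a throwaway, as the post insists.

# recoverable_tables DATADIR DB -> names of tables that have both a .frm and an .ibd backup
recoverable_tables() {
  datadir="$1"; db="$2"
  for frm in "$datadir/$db/backup/"*.frm; do
    [ -e "$frm" ] || continue              # glob matched nothing
    t=$(basename "$frm" .frm)
    if [ -f "$datadir/$db/backup/$t.ibd" ]; then
      printf '%s\n' "$t"
    fi
  done
}

# restore_table DATADIR DB TABLE -> discard the empty tablespace, copy the backup in, import it
# MYSQL can be overridden (e.g. "mysql -uroot -p") and is called as: $MYSQL DB -e SQL
restore_table() {
  datadir="$1"; db="$2"; t="$3"
  src="$datadir/$db/backup/$t.ibd"; dst="$datadir/$db/$t.ibd"
  if [ ! -f "$src" ]; then
    echo "no backup .ibd for $db.$t" >&2
    return 1
  fi
  # DISCARD removes the fresh, empty tablespace the server created for the re-created table.
  ${MYSQL:-mysql} "$db" -e "ALTER TABLE \`$t\` DISCARD TABLESPACE;"
  cp "$src" "$dst"
  # The file must be readable by the server's user; adjust the owner if you copy as root.
  ${MYSQL:-mysql} "$db" -e "ALTER TABLE \`$t\` IMPORT TABLESPACE;"
}

# restore_db DATADIR DB -> restore every recoverable table, reporting failures but continuing
restore_db() {
  datadir="$1"; db="$2"; failed=0
  for t in $(recoverable_tables "$datadir" "$db"); do
    if restore_table "$datadir" "$db" "$t"; then
      echo "restored $db.$t"
    else
      echo "FAILED $db.$t" >&2; failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# dump_recovered DB OUTFILE -> the post's final step: dump to SQL for loading into a real server
dump_recovered() {
  ${MYSQLDUMP:-mysqldump} --single-transaction "$1" > "$2"
}

# Usage: sh innodb-restore.sh list DATADIR DB | restore DATADIR DB | dump DB OUTFILE
case "${1:-}" in
  list)    recoverable_tables "$2" "$3" ;;
  restore) restore_db "$2" "$3" ;;
  dump)    dump_recovered "$2" "$3" ;;
esac
```

Run `list` first and compare it with the tables you expect; a table missing from the list has lost one of its two backup files and needs a different route. On MySQL 5.6 and later, `IMPORT TABLESPACE` without a matching .cfg file still works but logs a warning about it.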
