Tuesday, December 24, 2013

puppet import (...or few warm words to puppet retarded programmers...)

It's a late night and I'm diving into puppet manual. Who would know, that the bug I was hunting was the result of the following considiration:

node 'kestrel.example.com' { import 'nodes/kestrel.pp' }


This import statement looks like it should insert code INTO the node definition that contains it; instead, it will insert the code outside any node definition, and it will do so regardless of whether the node definition matches the current node.

http://docs.puppetlabs.com/puppet/2.7/reference/lang_import.html

Really the one who let it be this way was no less then a retarded ruby programmer...


Tuesday, October 15, 2013

how to disable weak ciphers in google chrome to prevent easy decryption



google-chrome --cipher-suite-blacklist=0xc007,0xc011,0x0066,0xc00c,0xc002,0x0005,0x0004

0xc007 = ECDHE-ECDSA-RC4128-SHA
0xc011 = ECDHE-RSA-RC4128-SHA
0x0066 = DHE_DSS_WITH_RC4_128_SHA
0xc00c = ECDH_RSA_WITH_RC4_128_SHA
0xc002 = RSA-RC4128-SHA
0x0005 = RSA-RC4128-SHA
0x0004 = RSA-RC4128-MD5

Source list of cipher names matching to spec:
[https://code.google.com/p/chromium/issues/detail?id=58833]

source: [http://security.stackexchange.com/questions/38493/remove-rc4-from-ssl-tls-ciphers-in-chromium]

Saturday, August 10, 2013

jabberd SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

remove require-starttls from c2s.xml and use old-style 5223 SSL port.

Tuesday, August 6, 2013

error: RPC failed; result=22, HTTP code = 405

Following http://kiskeyix.org/articles/561 you get



git clone http://git.gnome.org/browse/jhbuild

error: RPC failed; result=22, HTTP code = 405

just because url is now https

git clone https://git.gnome.org/browse/jhbuild

Monday, July 15, 2013

confluence and wireshark - love and hate

Yesterday I finally bought a licenced version of Confluence. Think the people, who make such a userfriendly and reliable software, also fully multithreaded one should be paid for their excellent work. This is a rare case I love software this much.

 On the other side people like wireshark creators. They should burn in hell really know that modern technology is not only about eating RAM, but also about use some multithreading too. Desecting a dump takes literally a half of an hour with one core loaded.

Saturday, July 13, 2013

росреестр млин!


Подпись пакета: Exception of type 'System.OutOfMemoryException' was thrown. at System.Convert.FromBase64String(String s) at WebService.PacketResignService.SignFile(String sFileIn, ICertificate cert) in D:\Work\Projects\new\Visual Studio 2005\Projects\FCCLand\WebService\PacketResignService.asmx.cs:line 408 at WebService.PacketResignService._SignDir(String sDir, ICertificate cert) in D:\Work\Projects\new\Visual Studio 2005\Projects\FCCLand\WebService\PacketResignService.asmx.cs:line 350 at WebService.PacketResignService.SignPacket(Byte[] decryptedPacket, Byte[] recipientCertificate, String xmlFileName, Byte[] xmlFile, Byte[]& signReport, Byte[]& signedPacket) in D:\Work\Projects\new\Visual Studio 2005\Projects\FCCLand\WebService\PacketResignService.asmx.cs:line 126


Wednesday, July 10, 2013

Corel Draw x4 on Wine success

I've succeeded in running Corel Draw X4 on Enterprise Linux (Centos 6, Scientific 6 etc 32 bit), what is impossible according to appdb.winehq.org. Here is how I did it.

First, it is possible thanks to the new release of Wine (1.6 rc4 in my case). I simply build it in /opt from source.
Secondly, I used this portable version of Corel Draw X4.
md5: d3046b4858e6489449d573da4fa3da01
http://xvi.academ.org:5081/CorelDRAW_X4.exe

It requires to be placed in the directory you have permissions to write. It also requires mfc80u.dll which you can obtain by winetricks or any other way.

Just in case here are the links to my wine build and ~/.wine directory with all the dlls needed.

http://xvi.academ.org:5081/wine.prefs.for.x4.tar.bz

07fbca83718180f8824514ca24d81c18

http://xvi.academ.org:5081/wine1.6rc4.32bit.tar.bz2

1f5f23e5271214cb660b419841e664db

And here is also a link to Photoshop CS4 which also runs nicely under Wine. Just add some dll via winetricks.
http://xvi.academ.org:5081/PhotoshopCS4.tar.bz2

md5sum: a6730255906aa6bc905627063b420aaa



Friday, June 7, 2013

puppet loop (for each) example

This is the way to copy multiple files, install multiple packages and so on.
# define function
define print1() {
   notify{"the message is: ${name}": }
}


# use it (with hiera)
print1{["one", "two", "three"]: }

Friday, May 31, 2013

Smart Zabbix triggers

http://blog.zabbix.com/no-more-flapping-define-triggers-the-smart-way/

Look at the end of the article. There are some good examples like this:


{hostname:vfs.fs.size[t:,free].max(2h)}<10G
|
{hostname:vfs.fs.size[t:,free].last(0)}<5G

FSF campaign

http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch


Sunday, May 12, 2013

Windows 8: Beautirfull and fast?


...something is clearly very-very wrong with Windows 8...

http://www.youtube.com/watch?v=QG-ORLkMiyY

Friday, March 1, 2013

Tuesday, February 12, 2013

Zabbix queue.

To get a full overview of zabbix queue, this query is very usefull. Modify it as you like.
SELECT to_timestamp(i.lastclock) as last,h.host,h.ip,i.delay,i.type,i.snmp_oid,i.snmp_community,i.description,i.key_,h.proxy_hostid
FROM items i,hosts h 
WHERE i.hostid=h.hostid 
             AND h.status=0
             AND i.status=0
             AND i.delay < 3600
             AND i.value_type not in (2)
             AND NOT i.lastclock IS NULL
             AND i.lastclock > extract (epoch from timestamp '2013-02-07 00:00:00')
             AND i.lastclock < extract (epoch from timestamp '2013-02-08 00:00:00')
             AND (
                 i.type in (0,13,14,3,5,11,8,10,15)
                   OR (h.available<>2 AND i.type in (0))
                   OR (h.snmp_available<>2 AND i.type in (1,4,6))
                   OR (h.ipmi_available<>2 AND i.type in (12))
                 )
                 ORDER BY i.lastclock,h.host,i.description,i.key_ limit 10000;

Monday, January 7, 2013

icon size in the alt tab screen of openbox

For a long time I suffered from blurred icons in the alt tab screen of Openbox. Until I realized that for some reason it uses non-standart resizing.

http://icculus.org/pipermail/openbox/2008-December/005964.html

For the same unknown reason the developers haven't fix this. So if you want sharp images you have to fix it yourself in the source code:

grep config_theme_window_list_icon_size openbox/config.c

After that you manage to get something like this: