Página Principal Explorar Ajuda
Iniciar Sessão
thatsmydoing
/
blog
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: e8192716b0
Ramos Etiquetas
blog
/
output
/
categories
/
sysadmin.xml

sysadmin.xml 14 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. <?xml version="1.0" encoding="utf-8"?>
    2. 

  2. <?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (sysadmin)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/sysadmin.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Cloudflare Shenanigans</title><link>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.&lt;/p&gt;
    3. 

  3. &lt;p&gt;Now the problem is that Cloudflare can put you behind &lt;a href="https://www.cloudflare.com/ips/"&gt;any IP they own&lt;/a&gt;, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.&lt;/p&gt;
    4. 

  4. &lt;p&gt;We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.&lt;/p&gt;
    5. 

  5. &lt;p&gt;A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.&lt;/p&gt;
    6. 

  6. &lt;p&gt;Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.&lt;/p&gt;
    7. 

  7. &lt;p&gt;After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit&lt;/p&gt;
    8. 

  8. &lt;pre class="code literal-block"&gt;commit 123456789abcdef
    9. 

  9. Author: ~~~~~~
    10. 

  10. Date:   ~~~~~~
    11. 

  11. 

  12.     4chan hack
    13. 

  13. 

  14. &lt;span class="gh"&gt;diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java&lt;/span&gt;
    15. 

  15. &lt;span class="gd"&gt;--- a/src/com/client/common/Util.java&lt;/span&gt;
    16. 

  16. &lt;span class="gi"&gt;+++ b/src/com/client/common/Util.java&lt;/span&gt;
    17. 

  17. &lt;span class="gu"&gt;@@ -210,7 +210,8 @@ public class Util {&lt;/span&gt;
    18. 

  18.         }
    19. 

  19. 

  20.         public static String getServerAddress(Context context) {
    21. 

  21. &lt;span class="gd"&gt;-               String address = "https://backend.client.com";&lt;/span&gt;
    22. 

  22. &lt;span class="gi"&gt;+               // String address = "https://backend.client.com";&lt;/span&gt;
    23. 

  23. &lt;span class="gi"&gt;+               String address = "https://4chan.org";&lt;/span&gt;
    24. 

  24.                 if(!isDebug(context)) return address;
    25. 

  25.                 try {
    26. 

  26. &lt;span class="gh"&gt;diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
    27. 

  27. &lt;span class="gd"&gt;--- a/src/com/client/common/logging/APIClient.java&lt;/span&gt;
    28. 

  28. &lt;span class="gi"&gt;+++ b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
    29. 

  29. &lt;span class="gu"&gt;@@ -101,6 +101,7 @@ public class APIClient {&lt;/span&gt;
    30. 

  30.         private HttpResponse postInternal(String url, List&amp;lt;NameValuePair&amp;gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
    31. 

  31.                 HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
    32. 

  32.                 request.setHeader("X-API-VERSION", apiVersion);
    33. 

  33. &lt;span class="gi"&gt;+               request.setHeader("Host", "backend.client.com");&lt;/span&gt;
    34. 

  34. 

  35.                 if(data == null) {
    36. 

  36.                         data = new ArrayList&amp;lt;NameValuePair&amp;gt;();
    37. 

  37. &lt;/pre&gt;
    38. 

  38. 

  39. 

  40. &lt;p&gt;Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.&lt;/p&gt;
    41. 

  41. &lt;p&gt;I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.&lt;/p&gt;&lt;/div&gt;</description><category>cloudflare</category><category>sysadmin</category><guid>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</guid><pubDate>Fri, 25 Dec 2015 06:13:26 GMT</pubDate></item><item><title>Removing PLDTMyDSLBiz from the ZyXEL P-2612HNU</title><link>http://pleasantprogrammer.com/posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always thought that people were just too lazy to change their SSIDs when I see "PLDTMyDSLBizCafeJapan". It became apparent when we got our own PLDT line that it was because the bundled router/modem &lt;em&gt;does not&lt;/em&gt; allow you to remove the prefix.&lt;/p&gt;
    42. 

  42. &lt;p&gt;This is not the kind of thing you expect as a business customer. Even for home customers, I feel it's still a bit dishonest. I'd be fine if it was just the default SSID, but forcing people to have it as part of their SSID is like advertising that your company (I mean PLDT) is a douche.&lt;/p&gt;
    43. 

  43. &lt;p&gt;Of course, we couldn't just leave the SSID prefix there, so we tried a number of things to get rid of it. There are articles for removing it from the &lt;a href="http://www.phandroidinternet.com/2013/06/how-to-remove-on-wifi-name-or-ssid-on.html"&gt;Prolink H5004N&lt;/a&gt; or the &lt;a href="http://www.symbianize.com/showthread.php?t=730091"&gt;ZyXEL P-660HN-T1A&lt;/a&gt; but not for the one we got which was the ZyXEL P-2612HNU-F1F.&lt;/p&gt;
    44. 

  44. &lt;p&gt;We did still try the firebug/inspector tricks, but it seems that there is a server-side check that adds in the "PLDTMyDSLBiz". We tried a number of things, but the one that ultimately worked (and we had a good laugh about) was to backup the configuration, edit the dumped file and restore it.&lt;/p&gt;
    45. 

  45. &lt;p&gt;The backup is actually just an XML file. You can search for SSID and change the parameter there. It's a bit annoying because the router has to restart after restoring the configuration, but it works!&lt;/p&gt;
    46. 

  46. &lt;p&gt;A minor note, the router doesn't seem to support SSIDs with a comma (,) well. It just gets everything before the comma as the SSID for some reason.&lt;/p&gt;&lt;/div&gt;</description><category>sysadmin</category><guid>http://pleasantprogrammer.com/posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html</guid><pubDate>Wed, 27 Nov 2013 02:12:31 GMT</pubDate></item><item><title>Console Keymap Switching</title><link>http://pleasantprogrammer.com/posts/console-keymap-switching.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;At the office, we have some people who use DVORAK. Normally, this isn't a problem. To each his own after all. It does become a bit problematic though, when we're dealing with the servers around the office.&lt;/p&gt;
    47. 

  47. &lt;p&gt;We normally leave the servers on QWERTY. After all, most people start off as QWERTY typists and migrate to something else. That said, it's apparently difficult to stay fluent in both. People tend to forget how to type in QWERTY once they learn DVORAK or something else. While it is true that they can just look a the keyboard while typing, my coworkers would prefer it to just be in DVORAK.&lt;/p&gt;
    48. 

  48. &lt;p&gt;For the console, they'd typically do &lt;code&gt;sudo loadkeys dvorak&lt;/code&gt; after logging in. The problem with this is, after they logout, the keymapping is still on DVORAK. This has been quite annoying for a few times since I can't even login to change the keymap. What I wanted was something like you get in the graphical login screens where you can pick your keymap before logging in. Apparently, there isn't a readily available thing for the console.&lt;/p&gt;
    49. 

  49. &lt;p&gt;I googled around for solutions and came across &lt;a href="http://superuser.com/questions/548234/how-can-i-easily-toggle-between-dvorak-and-qwerty-keyboard-layouts-from-a-linux"&gt;a nice idea&lt;/a&gt;. You could alias &lt;code&gt;asdf&lt;/code&gt; to load the DVORAK mapping and &lt;code&gt;aoeu&lt;/code&gt; (the equivalent to asdf in DVORAK) to load the QWERTY mapping. This actually makes sense since you don't really have to know where the letters are. The only problem is, you once again have to be logged in to change the key mappings.&lt;/p&gt;
    50. 

  50. &lt;p&gt;After some further searching, I found &lt;a href="http://unix.stackexchange.com/questions/2884/toggle-between-dvorak-and-qwerty"&gt;something close to what I wanted&lt;/a&gt;. Apparently, Alt+Up sends a KeyboardSignal keycode to the init process, which can act on that. It also works anywhere, even before being logged in. For SysVinit systems, you can just add a line to your inittab for a command to be run when Alt+Up is pressed.&lt;/p&gt;
    51. 

  51. &lt;p&gt;In the office, however, we generally use Arch Linux which uses SystemD. But apparently, it also has a mechanism of accepting the Alt+Up press. It runs the kbrequest target whenever it gets the keypress. &lt;code&gt;kbrequest.target&lt;/code&gt; is normally aliased to run the rescue service though, so you have to manually create the file in &lt;code&gt;/etc/systemd/system/kbrequest.target&lt;/code&gt; and fill it with a description:&lt;/p&gt;
    52. 

  52. &lt;pre class="code literal-block"&gt;&lt;span class="k"&gt;[Unit]&lt;/span&gt;
    53. 

  53. &lt;span class="na"&gt;Description&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s"&gt;kbrequest target&lt;/span&gt;
    54. 

  54. &lt;/pre&gt;
    55. 

  55. 

  56. 

  57. &lt;p&gt;We can then add a service to be run whenever the target is called. Something like &lt;code&gt;/etc/systemd/system/keymap-switch.service&lt;/code&gt;:&lt;/p&gt;
    58. 

  58. &lt;pre class="code literal-block"&gt;&lt;span class="k"&gt;[Unit]&lt;/span&gt;
    59. 

  59. &lt;span class="na"&gt;Description&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s"&gt;Keymap Switch Service&lt;/span&gt;
    60. 

  60. 

  61. &lt;span class="k"&gt;[Service]&lt;/span&gt;
    62. 

  62. &lt;span class="na"&gt;Type&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s"&gt;oneshot&lt;/span&gt;
    63. 

  63. &lt;span class="na"&gt;ExecStart&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s"&gt;/usr/local/bin/keymap-switch&lt;/span&gt;
    64. 

  64. 

  65. &lt;span class="k"&gt;[Install]&lt;/span&gt;
    66. 

  66. &lt;span class="na"&gt;WantedBy&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="s"&gt;kbrequest.target&lt;/span&gt;
    67. 

  67. &lt;/pre&gt;
    68. 

  68. 

  69. 

  70. &lt;p&gt;After enabling said service, we only need the actual keymap switcher, &lt;code&gt;/usr/local/bin/keymap-switch&lt;/code&gt;. The StackOverflow answer provides different ways of detecting the current keymap so we know which one to switch to. Since we're using SystemD, we can use that instead for managing which keymap we're actually using. It stores the current settings inside &lt;code&gt;/etc/vconsole.conf&lt;/code&gt;. We can also then switch keymaps by using &lt;code&gt;localectl set-keymap&lt;/code&gt;.&lt;/p&gt;
    71. 

  71. &lt;table class="codehilitetable"&gt;&lt;tr&gt;&lt;td class="linenos"&gt;&lt;div class="linenodiv"&gt;&lt;pre&gt; 1
    72. 

  72.  2
    73. 

  73.  3
    74. 

  74.  4
    75. 

  75.  5
    76. 

  76.  6
    77. 

  77.  7
    78. 

  78.  8
    79. 

  79.  9
    80. 

  80. 10&lt;/pre&gt;&lt;/div&gt;&lt;/td&gt;&lt;td class="code"&gt;&lt;pre class="code literal-block"&gt;&lt;span class="c"&gt;#!/bin/sh&lt;/span&gt;
    81. 

  81. &lt;span class="nb"&gt;source&lt;/span&gt; /etc/vconsole.conf
    82. 

  82. 

  83. &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$TERM&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;"dumb"&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
    84. 

  84.   &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="nv"&gt;$KEYMAP&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;"dvorak"&lt;/span&gt; &lt;span class="o"&gt;]&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;then&lt;/span&gt;
    85. 

  85.     localectl &lt;span class="nb"&gt;set&lt;/span&gt;-keymap us
    86. 

  86.   &lt;span class="k"&gt;else&lt;/span&gt;
    87. 

  87.     localectl &lt;span class="nb"&gt;set&lt;/span&gt;-keymap dvorak
    88. 

  88.   &lt;span class="k"&gt;fi&lt;/span&gt;
    89. 

  89. &lt;span class="k"&gt;fi&lt;/span&gt;
    90. 

  90. &lt;/pre&gt;
    91. 

  91. &lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
    92. 

  92. 

  93. &lt;p&gt;After putting it all together, it works! We can switch keymaps on the fly by simply pressing Alt+Up.&lt;/p&gt;&lt;/div&gt;</description><category>sysadmin</category><category>systemd</category><guid>http://pleasantprogrammer.com/posts/console-keymap-switching.html</guid><pubDate>Tue, 29 Oct 2013 12:02:06 GMT</pubDate></item></channel></rss>
    94.