Posts

Side Tabs in Firefox 66

I've become so used to using side tabs (TreeStyleTabs) in Firefox that it's somewhat painful to use any other browser in more than a passing manner. My work laptop was just replaced, and I had to back into this configuration again, so I figured this is a good time to document it, drawing from several sources (linked at the bottom).

1. In a terminal window, create your chrome Firefox profile directory:

    # A glob only expands to paths that already exist, so loop over the profile directory itself
    for d in ~/Library/Application\ Support/Firefox/Profiles/*.default; do mkdir -pv "$d/chrome"; done

   and your personal chrome file:

    for d in ~/Library/Application\ Support/Firefox/Profiles/*.default; do touch "$d/chrome/userChrome.css"; done

2. Install the TreeStyleTab plugin ( https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/ )
3. In Firefox, press Cmd + Opt + I
4. Click on the cog icon (Settings) in the upper right (may be inside the hamburger menu)
5. In Advanced Settings, check "Enable browser chrome and add-on debugging toolboxes" and "Enable remote debugging"
6. Restart Firefox
7. Press Cmd + Opt + Shift +

SSH Private Keys - RSA vs. OpenSSH

It would seem that ssh-keygen on OS X Mojave generates OpenSSH Private Keys instead of the traditional RSA Private Keys. While on the surface this is not a problem at all, it recently created a problem for us in combination with our use of the net-ssh Ruby gem, specifically that only RSA Private Keys are supported by this particular version of the gem, unless other dependencies are explicitly installed.

So there would appear to be two solutions to this problem. First, we could update the net-ssh gem or discover/install whatever other dependencies are required to support OpenSSH Private Keys. Option two is to convert the existing private key from OpenSSH to RSA.

The man page for ssh-keygen is helpful, but not nearly clear enough for this use case, so I'm documenting it here because I'm sure it'll come back to bite me again in the future.

Assuming ~/.ssh/id_rsa starts with:

    -----BEGIN OPENSSH PRIVATE KEY-----

Run

    ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

and you will
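To check which of the two formats a key file is in before deciding whether it needs converting, the header can be parsed directly. This is an added example, not code from the original post or from net-ssh; it follows the openssh-key-v1 layout from OpenSSH's PROTOCOL.key, and the function names and the sample key (placeholder bytes, not a usable key) are constructed for illustration.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"  # magic of OpenSSH's own private key container

def ssh_string(data):
    """Encode bytes as an SSH wire 'string': uint32 length + payload."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH 'string' at off; return (payload, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Report container, key type and encryption state without touching secrets."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN (.+)-----", lines[0]) if lines else None
    if not m:
        raise ValueError("no PEM-style BEGIN line")
    if m.group(1) != "OPENSSH PRIVATE KEY":
        # Traditional PEM ("RSA PRIVATE KEY", ...): encryption is an RFC 1421 header.
        enc = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:4])
        return {"container": "PEM", "label": m.group(1), "encrypted": enc}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    _kdfopts, off = read_string(blob, off)
    (_nkeys,) = struct.unpack_from(">I", blob, off)
    pub, _ = read_string(blob, off + 4)      # first public key blob
    key_type, _ = read_string(pub, 0)        # e.g. b"ssh-rsa"
    return {"container": "openssh-key-v1", "key_type": key_type.decode(),
            "cipher": cipher.decode(), "kdf": kdf.decode(),
            "encrypted": cipher != b"none"}

def build_sample_openssh_key():
    """Constructed sample: real header layout, placeholder (unusable) key bytes."""
    pub = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\xab" * 16)
    blob = (MAGIC + ssh_string(b"none") + ssh_string(b"none") + ssh_string(b"")
            + struct.pack(">I", 1) + ssh_string(pub) + ssh_string(b"\x00" * 8))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(describe_private_key(build_sample_openssh_key()))
```

A result with container "openssh-key-v1" is the case the post describes; only the unencrypted header fields are read, so the check works on passphrase-protected keys as well.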

Lines per second from a log file in realtime

    tail -f /path/to/log/file | pv -l -i 10 -r > /dev/null

pv options used:

    -l     count lines
    -i10   refresh every 10 seconds
    -r     display rate counter

Varnish One-Liners

Logging

Filter by request host header

    varnishlog -q 'ReqHeader ~ "Host: example.com"'

Filter by request url

    varnishlog -q 'ReqURL ~ "^/some/path"'

Filter by client IP (behind reverse proxy)

    varnishlog -q 'ReqHeader ~ "X-Real-IP: .*123.123.123.123"'

Filter by request host header and show request URL and Referer header

    varnishlog -q 'ReqHeader ~ "Host: (www\.)?example\.com"' -i "ReqURL" -I "ReqHeader:Referer:"

Admin

Purge Cache

    varnishadm 'ban req.url ~ "^/some/path/"'

Show VCLs

    varnishadm vcl.list

Show backends

    varnishadm backend.list

Artificial Latency

While trying to reproduce an issue, it's often useful to be able to artificially introduce latency without simply killing a service. The tc command, coupled with iptables, allows you to achieve that goal. Run all of the below as root.

All network traffic to/from a host

Add 10ms to all network activity:

    tc qdisc add dev eth0 root netem delay 10ms

Show config:

    tc -s qdisc

Undo it:

    tc qdisc del dev eth0 root netem

Specific flows

Add 10ms to all HTTP responses from a webserver running on port 80 on this host:

    tc qdisc add dev eth0 root handle 1: prio priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
    tc qdisc add dev eth0 parent 1:2 handle 20: netem delay 10ms
    tc filter add dev eth0 parent 1:0 protocol ip u32 match ip sport 80 0xffff flowid 1:2

Undo it:

    tc qdisc del dev eth0 root handle 1: prio priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

OpenSSL Notes

Creating/Modifying

Generate a new private key

    openssl genrsa -out example.key 2048

Remove a passphrase from a private key

    openssl rsa -in example.key -out new_example.key

Generate a new private key and CSR (certificate signing request)

    openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout example.key

Generate a self-signed SSL certificate

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt

Generate a CSR using an existing private key

    openssl req -out example.csr -key example.key -new

Generate a CSR based on an existing certificate

    openssl x509 -x509toreq -in example.crt -out example.csr -signkey example.key

Generate a CSR with multiple Subject Alternative Names (SANs)

Create a config file:

    [req]
    default_bits = 2048
    prompt = no
    encrypt_key = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn

    [ dn ]
    C = US
    ST = New York
    L = New York
    O = Secure Corp, LLC
    OU = IT
    CN = host.securecorp.com

    [ req_ext ]
    subjectAlt

nstat dumping core

nstat is a tool for collecting Linux network statistics. I use it in my monitoring stack to collect information about UDP data loss. The command maintains state, and on rare occasions, that state becomes corrupt. Corrupted state results in the command dumping core without any other explanation.

    $ nstat
    Aborted (core dumped)

An strace of the command is similarly unhelpful. The best way I've found to rectify this situation is to reset the command's history:

    nstat -r