I updated older posts with newer tech (August 2016)

Posted on Sun 28 August 2016 in work • Tagged with Institute for Computer Vision and Computer Graphics

I've taken some time today to update my system operations related posts with newer information. This information is based on the usage and issues that we faced and will hopefully prevent others from stumbling into the same problems should they choose to follow my guidance.


Reading recommendations (2016-08-24)

Posted on Wed 24 August 2016 in reading recommendations

This time I had to dump quite a lot of links into the sidenotes since it's been longer since the last post. But that's how it is given that I really want to adhere to my self-imposed 7 big links rule.

  • On Cybersecurity and Being Targeted by Kenneth Reitz (via Twitter)
    Reitz describes an attack on his person via GitHub and his DNS provider. The short lesson here is to use common e-mail provider when registering with services instead of a small one or your own. Two factor authentication helps.
  • Behind the Scenes of iOS Security by Ivan Krstic (via macrumors.com feed and others, presentation video)
    It's been a long time since Apple presented at a hacker congress. Krstic discusses iOS encryption, encryption for iCloud Keychain and introduces Apple's invite-only bug bounty program.
  • Sunday Conversation: Games That Made You Cry by Mark Delaney (trueachievements.com feed)
    While this article is focused on Xbox games I have fond memories of playing Grandia where I cried at the sweet and peaceful conclusion of its epic journey.
  • Germany to tell people to stockpile food and water in case of attacks: FAS by Caroline Copley, Andrew Bolton (reuters.com World News feed)
    I don't really know what to say here. I'm shocked. The post makes it sound as if Germany is preparing for war. Not that it is. I mean, probably not. Hopefully. It might be a precaution in case a city is in a state of emergency again as it was during the Munich shooting.
  • EquationGroup Tool Leak – ExtraBacon Demo by ~XORcat (via Twitter)
    Experiment with the leaked NSA tools. Technical read.
  • Twitter timeline about inciting hatred against the press at one of Trump's rallies by Jared Yates Saxton (curated by @EndTrumpsHate, via blog.fefe.de feed)
    Yes, another Trump link. This one shows the disgusting inciting of hatred towards press.
  • Notes from a lecture about C by Nick P (via blog.fefe.de feed)
    Haven't seen the presentation itself yet, but the notes about the design process of C are both enlightening and amusing.

Despite the self-restraint stated above, I've elected to include one gem from my archives which I'd like to add to these posts slowly until the archive is drained and I've fully switched to the Reading Recommendation posts.

"On Nerd Entitlement" by Laurie Penny is a fascinating read about how nerds who were shunned can in turn be no better than their tormentors by shunning women who don't adhere to the typical pretty woman stereotypes. I really can't stress how important it is for one to have a moment of introspection from time to time.


Sidenotes.


Sensu widget for Übersicht

Posted on Thu 18 August 2016 in work

Initially I was on the look for an alternative to Geektool for macOS that would not crash if I was to run an interactive script like iftop. When I saw that StatusCake report widget by Colin O'Brien for an HTML based Geektool alternative called Übersicht and saw that it was just processing some JSON I felt the urge to build something like that widget for our Sensu monitoring.

A few hours of research, cursing and reconfiguring systems I had a working solution even though my Javascript is still awful and I still don't know what's so great about CoffeeScript.

I've based my widget on O'Brien's and also provide my copy under the MIT License. I've commented functions and parameters for readability's sake. Yes, the changed colors might seem unnecessary but I took them straight from the Uchiwa interface for Sensu for consistency.

You can easily toggle on or off:

  • Sorting the events by hostname (default: true - I can't see why you wouldn't do that)
  • Display of the command run by Sensu that triggered this event (default: false)
  • Display of the output run of the failed check (default: true)
  • Blinking of certain indicators by warning level (default: [] - I hate the blinking but since it was already in the base I chose to support it anyway)

Screenshots

minimal version

no extra features enabled

only output

Only output enabled

only command

Only command enabled

everything enabled

All features enabled

Script

SENSU_PASSWORD = "password"
SENSU_USERNAME = "username"
SENSU_URL = "https://sensu.domain.example:port"

# display options
SORT_BY_HOSTNAME = true
SHOW_COMMAND = false
SHOW_OUTPUT = true

# blink indicators - possible values: "warn", "error", "unknown"
# e.g. BLINKING_INDICATORS = ["warn", "error"]
BLINKING_INDICATORS = []

command: "curl -sS --user #{SENSU_USERNAME}:#{SENSU_PASSWORD} #{SENSU_URL}/events"
refreshFrequency: 60000  # Milliseconds between calls


render: -> """
<div>
  <table></table>
  <style>
    @-webkit-keyframes blink {
       from { opacity: 1; }
       to { opacity: 0.2; }
    }
  </style>

</div>
"""

update: (output, domEl) ->
  # Redraw the widget
  events = JSON.parse(output)
  table = $(domEl).find('table')

  table.html('')

  translateStatus = (code) ->
    # translate between text and Sensu/Nagios status codes
    if code == 0
      return "ok"
    if code == 1
      return "warn"
    if code == 2
      return "error"
    else
      return "unknown"

  showCommand = (check) ->
    # display the check command if enabled
    if check.command? and SHOW_COMMAND == true
      return "<= " + check.command
    else
      return ""

  showOutput = (check) ->
    # display the check output if enabled
    if check.output? and SHOW_OUTPUT == true
      return "=> " + check.output
    else
      return ""

  showBlinking = (status) ->
    # blink indicators if enabled
    if "warn" in BLINKING_INDICATORS and status == 1
      return "blink"
    if "error" in BLINKING_INDICATORS and status == 2
      return "blink"
    if "unknown" in BLINKING_INDICATORS and status != 0
      return "blink"
    else
      return ""

  insertNewline = () ->
    # dynamically insert a newline between check command and check output if both are enabled
    if SHOW_OUTPUT == true and SHOW_COMMAND == true
      return "<br>"
    else
      return ""

  sortByHostname = (a, b) ->
    # sort the results by hostname if enabled
    return a.client.name.localeCompare(b.client.name)

  renderEvent = (event) ->
    # render one event
    """
    <tr>
      <td class="status #{translateStatus(event.check.status)} #{showBlinking(event.check.status)}"><div class="disc"></div></td>
      <td class="sitename">#{event.client.name}</td>
      <td class="check">#{event.check.name} </td>
      <td class="impact">#{showCommand(event.check)}#{insertNewline()}#{showOutput(event.check)}\</td>
    </tr>
    """

  if SORT_BY_HOSTNAME == true
    results = events.sort(sortByHostname)

  for event in events
    table.append renderEvent(event)


style: """
top: 20px
left: 80px
right: 80px
color: #ffffff
margin: 0 auto
font-family: Helvetica Neue, Sans-serif
font-smoothing: antialias
font-weight: 300
font-size: 16px
line-height: 27px

td
  vertical-align:top

.status
  padding: 8px 9px 0 0

.sitename, .check
  padding: 0 20px 0 0

.disc
  width: 12px
  height: 12px
  border-radius: 50%

.warn .disc
  background-color: rgba(249,186,70,1)

.error .disc
  background-color: rgba(234,84,67,1)

.unknown .disc
  background-color: rgba(77,77,77,1)

.blink
  animation: blink 2s cubic-bezier(0.950, 0.050, 0.795, 0.035) infinite alternate
"""

notes

  • I recommend using an additional layer of protection in front of your Sensu API (e.g. Apache/Nginx Basic Auth + Fail2ban)
  • I have not tested this with a Sensu which has no currently failing checks.
  • Please excuse me protecting the privacy of our servers in the screenshots :)

Reading recommendations (2016-08-07)

Posted on Sun 07 August 2016 in reading recommendations

Haven't had the time to work on the new thing for this category yet, so here's another round of links without the bonus feature I'm working on.


Sidenotes.


Reading recommendations (2016-07-30)

Posted on Sat 30 July 2016 in reading recommendations

Here's another round of reading recommendations. The nice addition to these links I mentioned last time is progressing nicely with what I think is probably a third of the work already completed.


Sidenotes.