I’ve been using *nix systems for so long that it feels like a complete pain in the ass whenever I have to open a cmd.exe program in windows to perform some sort of command line action. I searched around on ddg and figured out a way to make tasks in cmd.exe a little less painful by combining 2 applications:
This combination of apps makes me feel a little less frustrated now that I have the following features:
- The same line editing as Bash (from GNU’s Readline library).
- History persistence between sessions.
- Context sensitive completion;
- Executables (and aliases).
- Directory commands.
- Environment variables
- Thirdparty tools; Git, Mercurial, SVN, Go, and P4.
- New keyboard shortcuts;
- Paste from clipboard (Ctrl-V).
- Incremental history search (Ctrl-R/Ctrl-S).
- Powerful completion (TAB).
- Undo (Ctrl-Z).
- Automatic “cd ..” (Ctrl-Alt-U).
- Environment variable expansion (Ctrl-Alt-E).
- (press Alt-H for many more…)
- Scriptable completion with Lua.
- Coloured and scriptable prompt.
- Auto-answering of the “Terminate batch job?” prompt.
I started to get tired of lugging the 5D Mark III w/ me everywhere I go. It’s bad enough to have what feels like a 100lb camera on your shoulder but the added uncertainty of being robbed makes street snapshots an unpleasant daily experience. I decided to shop around and buy a fairly inexpensive camera that I wouldn’t be too upset about loosing, having it stolen or breaking it. At first I decided on the new Canon T5 but quickly realized that it lacked so many manual controls that I’m used to that I quickly returned it within 2 days of use. As I looked around the net, never thinking twice about ever switching vendors, I noticed that there was a lot of good press revolving around the Olympus OM-D EM-1 and the M5 regarding their overall weight, built quality, versatility and price. I stopped by my local camera shop and saw plenty of M5 cams laying around but they did have one EM1 that was still for sale. I sampled the camera and quickly discovered a number of features that lead up to me purchasing the camera.
- The weight
- The electronic view finder
- The multitudes of buttons and switches
- The build quality
- The price
I’ll put together a stronger review of the camera once I feel that I have enough experience shooting with it.
Current lenses that I’m shooting with:
- 17mm f/2.8
- 75mm f/1.8
- 12-40mm f/2.8 pro
- 15mm f/8 lens cap
I must admit, if someone stole this camera I’d be devastated!
For a while I was asking my hosting buddies to give me a non indexed vhost so I can start hosting my own RPM repo. The host finally came though so I will be publishing all of my RPMS/SRPMS to this repo along with maintaining a yum/dnf compatible tree that you can connect to!
I have also been switching over a lot of my hand managed builds over to a Jenkins CI server. Currently I have been testing HAProxy in order to see how well it performs before I roll out the rest of the software that I have been working on. HAProxy was a little tricky seeing that the main dev’s git tree simply refuses to pull content over http which is the only protocol available for distribution!
To access the files, you can simply add this yum repo to your local /etc/yum.repos.d folder:
curl -C – -O http://files.silverdire.com/centos/silverdire.repo -o/etc/yum.repos.d/silverdire.repo
*NOTE: My builds override the base default packages. Use at your own risk.
If you prefer to browse for packages manually, just go here:
Lastly, if you want direct links to HAProxy, they are as follows:
I’ve been awful at updating my site lately. In part I’ve been consumed with my work at Red Hat but the rest of my time was devoted to playing video games and socializing with my friends. I realize that I’ve neglected this site for too long so as of today you should expect at least one update per week.
To kickoff the updates, I finally upgraded my Windows box to 8.1. I mainly use this thing for video editing and playing games. While I’d love to game and video edit completely in Linux or BSD, I simply can’t because there are some certain games that I play that are not compatible with wine, plus I can’t seem to get away from certain plugins that I use in Adobe Premiere and After Effects. I am hearing really good things about Lightworks and OpenShot on Linux these days. I think the last editor I used in Linux/BSD was Kdenlive and I was quite impressed with what all it had to offer but it did tend to crash on me in no less than 10 minutes at a time.
In the past I tried out Windows 8 at launch and was consistently annoyed by having no easy way of getting it to work similar to Windows 7. Certain games would be interrupted by the start menu if my mouse hovered anywhere near the left corner of the screen while the game itself was in full screen! Over time some 3rd party software came out that made it possible to give me the Windows 7 desktop experience which finally justified upgrading the software… Currently I have the following mods installed:
Aero Glass can also be combined with classic shell to restore the Windows 7 start menu. I managed to disable all of the hot corners and remove all metro style apps from the menu as well! Nice!
I wasn’t fond of the default shell icon that comes with classic shell so I replaced it with this image that I lifted from a forum post here.
With both of these mods combined, my desktop finally looks and feels like Windows 7 again!
Obviously I removed my credentials in the kitty terminal but other than that the desktop picture hasn’t been altered in any other way. I’ll admit that the square corners of the glass theme annoy me. If I remember correctly, the Windows 7 original theme had rounded corners?
The only other problem I’m experiencing is shutting the system down… I boot with UEFI enabled along with the MSI fast boot feature. My boot time is usually less that 10 seconds which is nice but when I go to power down, the system seems to be stuck in a sleep state that I can’t get out of. The power button fades in and out but if I press it, nothing happens. I currently have no idea how to fix that and I’m not totally convinced that this is safe for my hard disks.
Yes, you heard it here. FreeBSD now supports ZFS on ROOT during installation. It is highly experimental but it’s nice to see that they are finally offirng this for those who do not feel comfortable formatting disks by hand. I still believe that my script (http://wp.me/p1V1C8-pP) offers people broader flexability so I for one will continue to use it.
Look… Just because I work for Red Hat now does not mean I’ve abandoned the FreeBSD community! I still use FreeBSD on a day-to-day basis!
Anyway… I downloaded the latest ALPHA of FreeBSD 10 the other day and discovered that my ZFS formatting script no longer works! =( I was amazed to find out that it was due to the livecd not allowing /mnt to be mounted as the altroot. In response, I corrected that specific problem in my script and heavily modified it to where most of my post installation related stuff is now automated! I also added lz4 compression as default for FreeBSD 10 and performed some automatic logic to decide whether the disks need to be 4K aligned. More changes will come to the script in the near future but for now it suits my needs quite well. If you would like to use it, I have posted the file here:
To use this script you will need to boot into the FreeBSD livecd under LiveCD mode. DO NOT go into rescue or normal install mode. Make sure you format a USB stick as a fat32 filesystem and copy the format_zfs_4k_gpt.sh script over to it.
Once you have booted the system up, login as the root command (you will not be prompted for a password).
1. Create a temporary directory:
mkdir -p /tmp/usb
2. Mount the USB key:
mount -t msdosfs /dev/da0s1 /tmp/usb
3. Copy the format script off the USB key to /tmp
cp /tmp/usb/format_zfs_4k_gpt.zip /tmp
4. Edit the script and change the DISK variable to the disk you wish to use.
5. Make the script executable and run it:
chmod +x /tmp/format_zfs_4k_gpt.sh
6. Once complete, reboot the computer and you should boot into a working copy of FreeBSD with ZFS as the default root filesystem.
After a good number of phone/in-person reviews, I finally accepted a position at Red Hat! For me, this is like a childhood dream come true. I’ve been working on Red Hat software ever since I was was in the 7th grade, which means I started on Red Hat Linux 6.3? In any case, I am very excited about this opportunity! I will serve as a “Strategic Release Engineer”. I won’t say any more than that but just know that this is a very exciting moment for me.
At the time, I was unable to interact socially with other class mates, nor was I capable of adequately communicating what I was doing to my adoptive parents. They would usually stand over my shoulder, look confused and leave me alone for the rest of the evening while I plugged away at solving common *nix related problems. (IE: Xorg not working correctly, tweaking boot params, compiling software, etc). I often questioned if what I was doing would ever amount to anything. I knew that there jobs out there there in high demand for *nix engineers but the though of me actually landing a position doing what I enjoyed was foreign to me. After several years of experiencing the real world, I did come to realize that I can do anything I set my mind to.
I wanted to simplify my fail2ban rules by linking it with HAProxy, this way I could block abusive IPs on my load balancer and not have to micro-manage all the other servers I have behind it.
Fail2Ban does not give you a template to work with HAProxy, nor does the internet have any good information on how to do this. I was however able to do this on my own so I wanted to share what I did to accomplish this. If you find an error in my process feel free to shoot me an email. I’ll be using CentOS 6 (EL6) as the base for my example:
- Make sure you already have fail2ban installed on your haproxy server.
- Configure haproxy to log all data in CLF format. You just need to add the following code to the default options in the haproxy.cfg file:
option tcplog clf
option httplog clf
- Make sure you remove any dontlog statement from the defaults config with the exception of dontlognull.
- Ensure that you have haproxy logging enabled, this will require the following code to be in the global section of the /etc/haproxy/haproxy.cfg file:
log 127.0.0.1 local5 info
- Enable logging on your local system logger (Ex: rsyslog)
- Enable log rotation of haproxy.log by creating a new /etc/logrotate.d/haproxy.cfg file:
reload rsyslog >/dev/null 2>&1 || true
- Restart rsyslog:
service rsyslog restart
- Copy the following text and paste it in a new config file under /etc/fail2ban/filter.d/haproxy-get-dos.conf:
# Haproxy Fail2Ban Regex using CLF format
failregex = ^.*: -.*\"(GET|POST).* ignoreregex =
- Add the following config to /etc/fail2ban/jail.conf:
enabled = true
port = http,https
filter = haproxy-get-dos
logpath = /var/log/haproxy*
maxretry = 500
findtime = 120
bantime = 3600
action = tarpit[name=HTTP, port=http, protocol=tcp]
sendmail-whois[name=haproxy-get-dos, firstname.lastname@example.org, email@example.com]
- Install the following packages (assuming EL6):
rpm -ivh http://centos.alt.ru/pub/repository/centos/6/x86_64/centalt-release-6-1.noarch.rpm
yum install xtables-addonsIf you use a different OS you will need to figure out a way to install netfilter’s TARPIT command, or just edit step #11 and change all mentions of TARPIT to DROP or REJECT. I personally use TARPIT because it helps me reduce the load on my system when attacks occur. If you want more info regarding TARPIT, read it here: http://www.secureworks.com/cyber-threat-intelligence/threats/ddos/
- Add the following config to /etc/fail2ban/action.d/tarpit.conf
# Tarpit trap
actionstart = iptables -N fail2ban-TARPIT-<name>
iptables -A fail2ban-TARPIT-<name> -j RETURN
iptables -I INPUT -p <protocol> -j fail2ban-TARPIT-<name>
actionstop = iptables -D INPUT -p <protocol> -j fail2ban-TARPIT-<name>
iptables -F fail2ban-TARPIT-<name>
iptables -X fail2ban-TARPIT-<name>
actioncheck = iptables -n -L INPUT | grep -q fail2ban-TARPIT-<name>
actionban = iptables -I fail2ban-TARPIT-<name> 1 -s <ip> -j TARPIT
actionunban = iptables -D fail2ban-TARPIT-<name> -s <ip> -j TARPIT
name = default
port = http
protocol = tcp
- Restart haproxy
service haproxy restart
- Restart fail2ban
service fail2ban restart
At this point you should have fail2ban crawling over your haproxy logs. Don’t treat my example as a magic bullet! Make sure you alter your fail2ban rules to match your expected thresholds so you don’t start banning genuine traffic.
If anyone has any suggestion on how to improve my process, please feel free to post in the disqus comments below.
Make sure to watch our first episode of “The Beer Nerds”. You can sample it here but I’d encourage you to go to the website and follow it from there: