• yum killed during upgrade

    This morning I tried to run security updates on one of my Centos VPS systems. Had to get creative since just running yum upgrade did not work. The yum process was killed unexpectedly:

    Transaction Summary
    Upgrade      19 Package(s)
    Total size: 24 M
    Is this ok [y/N]: y
    Downloading Packages:
    Running rpm_check_debug

  • Results: SSH Statistics Gathering Project

    A month or so ago I started an SSH Statistics gatherer with the hope of identifying high-level configuration details of SSH-2/SSH-1.99 servers in the USA. In running the tool for a couple of weeks I identified 46,250 SSH Servers that meet the basic criteria (I'd like to do a survey of SSH Servers running older versions in the 1.x range at a later date). This post explains the results of the survey.

  • Chrome Extension Development: Options Page Does Not Load Javascript

    Today I spent way too much time trying to debug an issue encountered while developing a Chrome extension. While attempting to create an Options page, I setup a separate 'options.js' file (to comply with security requirements that don't permit inline-JS) and found that the .js file would not load and that there were no error messages listed in the chrome developer tools view.

  • Macs can RDP to Windows Server, but my PC can't?

    An interesting problem surfaced earlier this year that prevented our systems administrators from using RDP to connect to a windows server if they use a windows laptop. Paradoxically, SysAdmins who run Macs were not affected. It took a little time to track this down and now that I've been through the troubleshooting process I know how to fix it and can see how we wound up in this situation in the first place

  • LastPass to 1Password: Dealing with a Messy Conversion

    We switched from LastPass to 1Password and encountered an unexpected hindrance: HTML encoded strings somehow replaced certain characters in critical passwords. The first time through the process it seemed like 1Password was was causing the problem. Upon further investigation we found that the problem originated during the LastPass 'export' process.

  • SSH Statistics Gathering Project

    I will be starting an SSH Statistics gatherer that will be targeting US based IP addresses today. The gatherer tool will run for 1 week through Sunday, January 22, 2017. During this time you may notice SSH-2.0-ssh-stats-gather-2017_1.0.0 appear in your SSH server logs. This tool performs a banner grab of SSH servers and does not attempt to login (performs a partial connect)

    I will update this post once the run completes with more details.

    Update 2017-01-29: Things picked up pretty fast and I was able to pick up quite a bit of data. The stats gathering tool has been turned off and I am parsing the results. Expect a post about the details at some point in the next few weeks.</b>

    Update 2017-01-22: Technical issues have come up which require that I extend the duration of this project for another couple of weeks. The new target completion date is Sunday, February 5th, 2017

    Update 2017-02-21: Results were published here

  • How to Compile and Build PuTTY on Ubuntu 16.04

    This week I needed to compile PuTTY to work on an Ubuntu system running 16.04 (LTS). The instructions are pretty straight-forward and will take you most of the way through compiling something you can use. A problem I ran into is that I kept on running into errors during compilation referencing dlsym, dlopen and dlclose.

    Fate was on my side as I was able to work my way through the problem (with a generous dose of google) and compile an executable that actually works.

  • Telerik JustDecompile and MSSQL Profiler Save the Day

    For the last few months we have been experiencing intermittent issues with one of our production processes. The issue is one that has confounded us in its lack of consistency and ability to frustrate anyone assigned to troubleshoot the problem. I was asked to look into the situation and in the end was able to discover the root cause in just a few hours using Telerik JustDecompile coupled with Microsoft's SQL Profiler tool. The journey was exciting and I'll share what I can here.

  • Compare MSIs using C#

    While cleaning up some old files I found a project that compares file manifests between MSIs. At the time we needed the ability to quickly determine if the files contained in a set of new MSIs contained at least the same set of files that was generated using a previous build process. While there are other tools that can compare MSIs, this code is lightweight and command-line scriptable.

  • Dashing.io Does Not Load Data on Centos

    I needed to setup a quick dashboard a couple months back so I turned to Dashing.io. Everything worked great, then one day none of the dashboard widgets displayed any data. Given the nature of the dashboard and its users this was incredibly annoying.

    The symptoms of this problem (which I can only replicate on Centos) are:

    • Dashboard widgets appear in the right order/layout when you load the page
    • Widgets do not contain any data until you Ctrl-C or kill the dashing process

  • Migration from Concrete5 to Jekyll

    When I first setup boredwookie.net Concrete5 was used to power the site. In the years since then I've grown tired of using a heavyweight CMS to post a few pages. Last month I made the switch over to Jekyll and the transition was anything but painless. It was incredibly difficult and required a lot of manual effort and fine-tuning to get right. Along the way I created a ruby script to take some of the busy work out of doing a bulk migration.

    The script takes xml files generated by the Concrete5 Legacy Migration Tool and creates jekyll-style posts with YAML front matter that can be massaged into a working site. While there are gaps in what I could script-out it was a useful tool in the migration effort.

  • Qt Works for Me

    I've been looking for a development platform that can let me create programs which work across all major operating systems. While there is nothing wrong with scripts and scripting languages, sometimes a GUI just makes sense. In the past I've used WinForms in C# to create utilities with functional user interfaces, but now that I'm looking to switch to Linux full-time I'd like something which is about as easy to use that can target at least Linux and Windows.

    Qt appears to check all the boxes I need, so barring development of a WinForms-like option for .NET Core or other changes in the landscape I'll press on.

  • Trying out Electron

    Within the next year or so I would like to be using Linux as my full-time desktop. To get there I need to find a development platform that lets me create small, stand-alone, cross-platform GUI tools. While scripts are great, sometimes things can be a lot easier with a GUI.

    One contender for this development framework role comes in the form of electron: a cross-platform development framework that lets you build desktop applications using HTML, CSS and JavaScript. I decided to take it for a spin and used it to create a small tool to examine a note taking database I exported from an old BlackBerry app.

  • BlackBerry Noted app - Database Viewer

    As part of my continued migration to Android from BlackBerry OS 10 (and to try and pick a framework for cross-platform application development), I created a tool in both Electron as well as Qt variants to read and extract notes from the old Notepad application I used to use on BB 10 devices (Noted - Written by a friend of mine). While the user interface for this tool is not very sophisticated (especially the Electron version), it gets the job done.

  • Electron: Cannot find module 'app'

    While attempting to use electron to write a cross-platform utility, I ran into an unexpected problem: The application would error out with a few weird messages like these:

    • App threw an error during load
      Error: Cannot find module 'app'
      at Module._resolveFilename (module.js:455:15)

    • App threw an error when running [TypeError: Cannot read property 'on' of undefined]
      A JavaScript error occurred in the main process
      Uncaught Exception:
      TypeError: Cannot read property 'on' of undefined

  • NextCloud / OwnCloud freezes or hangs on importing a large ICS file

    This week marks a bittersweet end to my use of BlackBerry smartphones: I retired my BB Priv. BlackBerry no longer makes a device that I can advocate for or recommend. Part of my migration to a new device involves exporting an old device-local calendar that I have been carrying around since BB OS 7. The export went well (plenty of utilities on the app store will let you export a calendar) and I was left with a 16,000 line ICS file that I wanted to migrate.

    The problem I ran into is that NextCloud hangs when it tries to process such a large calendar file and does not give any indication about the trouble it has (The web UI would hang with the words Import Scheduled).

  • OpenVAS gsad service: disable weak ciphers

    I've been experimenting with OpenVAS for a few months now in my home lab. While the tool can be a bit fiddly at times it has found legitimate issues that would have been difficult for me to identify manually.

    One interesting thing to note is that when OpenVAS scans itself (at least for installs that I've performed) is that it defaults to allowing certain weak ciphers. There is general guidance on how to lock-down the ciphers to a more secure configuration - it just requires some massaging if you run OpenVAS as a service which starts on boot.

  • BlackBerry Password keeper to KeePass Tool

    I used to be a big BlackBerry fan and have used the company's devices for about 5 years. While BB10 was awesome, The BB Priv and it's android implementation were lacking. I recently migrated to a new Android device and faced a dilemma: what do I do with the over 600 passwords that have accumulated in the BB standard 'Password Keeper' tool?

    To address this password migration situation I created the BB to KeePass Converter. This tool converts CSV exports from the BlackBerry Password Keeper tool and processes what it can (there are limitations) to save someone the hassle of re-entering all their passwords

  • Online Bash Regex Checker

    A few years ago I needed a quick way to check if regular expressions would work in a Bash Shell, so I setup regexraptor.net. Over time I stopped using the site as the platforms I needed to automate were not super bash-heavy, yet the site carried on.

    Fast Forward 4 years: Online Bash Regex Checker is one of the top searched for posts on Bored Wookie. The site is pretty bare-bones, but if you need to check a regular expression to see if it will work in a modern bash shell, why not take a look?

  • How to Interact with the LogRhythm SOAP API using Ruby

    I recently had the opportunity to interact with the LogRhythm SOAP API. LogRhythm is a SIEM/IDS solution that has components which run on both Windows and Linux. They provide an HTTP/SOAP interface which allows for interacting with the system via well-defined API calls. This API runs in Windows/IIS.

    My goal was to use ruby to interact with this API as part of a security data aggregation script I needed to execute. This article describes a couple things which helped me on my way to success.


subscribe via RSS