Now that Chef is out and about, people who accepted the massive improvement over all the existing host configuration managers that is Puppet will probably be casting a wary eye its way. I’ve got a little too much in Puppet at my current position to look at moving for a while yet, but now the competition is rising it’s time to get my boot in and point out what, for me, is the worst part of Puppet: how difficult it is to add new types. Read on →

Despite setting up my own gitweb install, I’m still not using git regularly enough to be comfortable with it, so today I went through the Peepcode Press Git Internals book/PDF. While the diagrams and details of what happens under the covers are useful, it’s the wrong level for me as a basic user. To ease myself into the move from Subversion for some of my personal projects I found Git Magic to be more useful. Read on →

… but the beer is very cheap. Which I know is an important thing for my readers. I can also agree with their choice of food, lots of pork and goulash with stodgy dumplings and thick sauce. Pig knuckle is much nicer than it sounds. I spent a long weekend in Prague; it was -10 for most of it, but luckily the city isn’t very big and you can reach all the usual tourist spots by foot if you’ve got a day or two. Read on →

“Penetration testing is tactical. It provides tangible, actionable information” – Ivan Arce
It’s been a while since I’ve been involved in pen testing, but the above quote from Ivan is perfect and its meaning all too often overlooked. When you invest the time in something like pen testing or performance tuning you should always come away with a list of actionable tasks. By doing this you ensure the work wasn’t pointless (or, if it was, avoid repeating the mistake) and have something you can present to stakeholders to get buy-in for the next time. Read on →

Ever wanted to limit the number of ssh login attempts a user can make before their account gets locked? Well, not really, but when brute force tools are so common and easy to use it’s another useful trick in the sysadmin’s arsenal. In this example I’ll show you how to install, configure and audit failed ssh login attempts on Linux. While the PAM mod_tally module is available for a number of different distros and Unix variants, we’ll set it up on Debian. Read on →

It’s been another day of many DNS changes and, while the work itself has been amazingly dull, life-draining scut work, at least one positive thing’s come out of it - my appreciation for the Net::DNS Perl module has grown. While it’s possible to do nearly anything DNS query related with the dig command, it’s a lot easier to extract the data and reuse certain fields if you have access to a decent data structure rather than grepping bits of text out. Read on →

Ad hoc changes are a very bad thing in many ways; one of the worst is how often they are not fully implemented across all the servers or even pulled back to staging. In an attempt to sanity check the config files when we have to make these little hacks I oddly-proudly present - rd-differ. A tool for diffing config files over multiple machines. The idea is simple: you tell it the file or directory you’re interested in, specify a single machine as the baseline and then specify a number of others as the machines to check against it. Read on →

Today has been one of those death-by-a-thousand-cuts days. We did a migration first thing in the morning (I’m not supposed to be awake at 6am unless it’s from a really late night) and, while all the big bits were planned and moved successfully, the work list was missing enough little pieces to make the rest of the day very annoying. What made the work a lot harder was that the changes had to be made through a web front end that abstracted about 20 seconds of vim into four minutes of clicking buttons that were never in the same place twice. Read on →

“Stemming is the process for reducing inflected (or sometimes derived) words to their stem, base or root form.” – Wikipedia article on Stemming
Ever used a website that allowed you to tag content? Ever ended up accidentally using slightly different tags? Something like graphs and graphing or blog and blogs? (I hope so, otherwise it’s just me…) To spot some of the more obvious overlaps you can stem each of the words and look for a common base. Read on →

The only books on capacity planning I’ve ever skimmed my way through have been dense, dull tomes of long mathematical formulas, advice that’s hard to use in any practical way and page counts in the treble digits. Thankfully John Allspaw has bucked this trend with The Art of Capacity Planning and instead written a slender, thought-provoking book. The main focus of the book is that measurement is good, blind guessing is bad and that capacity planning, like security, is an ongoing process. Read on →