Linux: Configuring CDP for mapping physical network ports

We're turning up a lot of servers, with a lot of Ethernet ports, and it's hard to keep track of what's where. Our network guy turned me on to the concept of CDP to list out what's connected to certain ports. On a modern CentOS or Fedora box you simply need to install lldpd and enable it for CDP mode and you're off to the races.

yum install -y lldpd
perl -pi -e 's/LLDPD_OPTIONS=""/LLDPD_OPTIONS="-c"/' /etc/sysconfig/lldpd
systemctl enable lldpd ; systemctl start lldpd

This will start the lldpd service and begin broadcasting on all ethernet ports. After 30 seconds or so you should be able to run the following command to see what your local Ethernet neighbors are.

lldpcli show neighbors

SSH to hosts with older ciphers

We have some older Cisco equipment that runs SSH with algorithms that modern clients no longer trust. Specifically, the key exchange still uses SHA1, which modern Linux distributions have deprecated. You may see something like this:

Unable to negotiate with 234.234.234.234 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

You can work around this by putting the following in your ~/.ssh/config. The Host line limits the override to that one device:

Host 234.234.234.234
    KexAlgorithms +diffie-hellman-group1-sha1

Borrowed from StackExchange.
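
The same workaround applies to the other negotiation failures the OpenSSH client reports (cipher, host key type, MAC), so this example goes beyond the key exchange case in the post. It is an added example, not code from the original post or from StackExchange: the function name legacy_stanza is hypothetical, and the second sample line and its address are constructed.

```shell
#!/bin/sh
# Added example; legacy_stanza is a hypothetical helper name.
# Input: one "Unable to negotiate with HOST port N: ..." line from the ssh client.
# Output: a ~/.ssh/config stanza that re-enables one algorithm for that host only.
legacy_stanza() {
    line=$1
    host=$(printf '%s\n' "$line" |
        sed -n 's/^Unable to negotiate with \([^ ]*\) port .*/\1/p')
    offer=$(printf '%s\n' "$line" | sed -n 's/.*Their offer: \(.*\)$/\1/p')
    algo=${offer%%,*}    # take a single algorithm, not the peer's whole list

    # The values end up in a config file, so reject anything unexpected.
    case $host in ''|*[!A-Za-z0-9.:_-]*) return 1 ;; esac
    case $algo in ''|*[!A-Za-z0-9@.+_-]*) return 1 ;; esac

    # Map the failed negotiation phase to the ssh_config option that governs it.
    case $line in
        *"no matching key exchange method found"*) opt=KexAlgorithms ;;
        *"no matching cipher found"*)              opt=Ciphers ;;
        *"no matching host key type found"*)       opt=HostKeyAlgorithms ;;
        *"no matching MAC found"*)                 opt=MACs ;;
        *) return 1 ;;
    esac

    # "+" appends to the client's defaults instead of replacing them.
    printf 'Host %s\n    %s +%s\n' "$host" "$opt" "$algo"
}

# The error line from the post, then a constructed cipher failure.
legacy_stanza "Unable to negotiate with 234.234.234.234 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1"
legacy_stanza "Unable to negotiate with 192.0.2.10 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc"
```

Keeping the stanza per host means the legacy algorithm is never offered to any other server the client connects to.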


Linux: Fedora 28 major package versions

Fedora 28 has these versions of some core packages:

Package   Version
Apache    2.4.33
GCC       8.0.1
Kernel    4.16.3
Perl      5.26.1
PHP       7.2.5
Vim       8.0.1788
Git       2.17.0

Fedora: Enable h264 video on Firefox with Fedora 28

The h264 video codec is the most popular codec on the internet right now. Unfortunately it's patent encumbered so it cannot be included in Firefox unless Mozilla were to pay a licensing fee. To enable h264 support in Firefox on Fedora 28 you'll need to enable the RPM Fusion repository.

dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

After you've configured RPM Fusion you'll need to install some FFmpeg libraries to handle the actual h264 decoding:

dnf install ffmpeg-libs compat-ffmpeg28

Floating point rounding errors

Computers store floating point numbers in IEEE-754 format. This is imprecise and can result in rounding errors after the 8th or 9th decimal place. The following example shows the error in a simplified manner:

perl -E 'say 0.1 + 0.2 == 0.3 ? "true" : "false"'

python -c 'print(0.1 + 0.2 == 0.3)'

ruby -e 'puts 0.1 + 0.2 == 0.3'

php -r 'print 0.1 + 0.2 == 0.3 ? "true" : "false";'

All of these print out false which is obviously the incorrect answer. Most languages recommend some type of rounding or comparison library when comparing floating point values for this reason.

This rounding error is present in JavaScript too:

console.log(0.1 + 0.2 == 0.3 ? "True" : "False");

Kevin Smith on his (almost) death

Kevin Smith had a heart attack yesterday and wrote what I feel is a really well worded interpretation of human mortality.

I was trying to do a killer standup special this evening but I might’ve gone too far. After the first show, I felt kinda nauseous. I threw up a little but it didn’t seem to help. Then I started sweating buckets and my chest felt heavy. Turns out I had a massive heart attack. The Doctor who saved my life at the #glendale hospital told me I had 100% blockage of my LAD artery (also known as “the Widow-Maker” because when it goes, you’re a goner). If I hadn’t canceled the second show to go to the hospital, the Doc said I would’ve died tonight.

For now, I’m still above ground! But this is what I learned about myself during this crisis: death was always the thing I was most terrified of in life. When the time came, I never imagined I’d ever be able to die with dignity - I assumed I’d die screaming, like my Dad (who lost his life to a massive heart attack). But even as they cut into my groin to slip a stent into the lethal Widow-Maker, I was filled with a sense of calm. I’ve had a great life: loved by parents who raised me to become the individual I am. I’ve had a weird, wonderful career in all sorts of media, amazing friends, the best wife in the world and an incredible daughter who made me a Dad.

But as I stared into the infinite, I realized I was relatively content. Yes, I’d miss life as it moved on without me - and I was bummed we weren’t gonna get to make #jayandsilentbobreboot before I shuffled loose the mortal coil. But generally speaking, I was okay with the end, if this was gonna be it. I’ve gotten to do so many cool things and I’ve had so many adventures - how could I be shitty about finally paying the tab.

But the good folks at the Glendale hospital had other plans and the expertise to mend me. Total strangers saved my life tonight (as well as my friends @jordanmonsanto & @iamemilydawn, who called the ambulance). This is all a part of my mythology now and I’m sure I’ll be facing some lifestyle changes (maybe it’s time to go Vegan). But the point of this post is to tell you that I faced my greatest fear tonight... and it wasn’t as bad as I’ve always imagined it’d be. I don’t want my life to end but if it ends, I can’t complain. It was such a gift. #KevinSmith

via Kevin Smith's Instagram


FFMPEG: Using VBR encoding for MP3s

I'm a big fan of using VBR for MP3s. I use FFMPEG to convert video (and sometimes audio) files to different formats. If you want to utilize VBR with LAME when you do FFMPEG conversions you need to specify the libmp3lame encoder, and then a given quality level:

ffmpeg -i input.wav -codec:a libmp3lame -qscale:a 2 output.mp3

ffmpeg -i video.mp4 -codec:a libmp3lame -qscale:a 6 /tmp/output.mkv

Pale blue dot

"Look again at that dot. That's here. That's home. That's us. On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives. The aggregate of our joy and suffering, thousands of confident religions, ideologies, and economic doctrines, every hunter and forager, every hero and coward, every creator and destroyer of civilization, every king and peasant, every young couple in love, every mother and father, hopeful child, inventor and explorer, every teacher of morals, every corrupt politician, every "superstar," every "supreme leader," every saint and sinner in the history of our species lived there-on a mote of dust suspended in a sunbeam.

The Earth is a very small stage in a vast cosmic arena. Think of the endless cruelties visited by the inhabitants of one corner of this pixel on the scarcely distinguishable inhabitants of some other corner, how frequent their misunderstandings, how eager they are to kill one another, how fervent their hatreds. Think of the rivers of blood spilled by all those generals and emperors so that, in glory and triumph, they could become the momentary masters of a fraction of a dot.

Our posturings, our imagined self-importance, the delusion that we have some privileged position in the Universe, are challenged by this point of pale light. Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity, in all this vastness, there is no hint that help will come from elsewhere to save us from ourselves.

The Earth is the only world known so far to harbor life. There is nowhere else, at least in the near future, to which our species could migrate. Visit, yes. Settle, not yet. Like it or not, for the moment the Earth is where we make our stand.

It has been said that astronomy is a humbling and character-building experience. There is perhaps no better demonstration of the folly of human conceits than this distant image of our tiny world. To me, it underscores our responsibility to deal more kindly with one another, and to preserve and cherish the pale blue dot, the only home we've ever known."

-- Carl Sagan, Pale Blue Dot


SSL Cert Changes

I got the following email today from Thawte:

Important Service Announcement

Dear Scott Baker,

We want to inform you of upcoming deprecation of 3-year certificates.

The CA/Browser Forum approved Ballot 193 which reduces the maximum validity period (or 'lifetime') for Domain Validated (DV) or Organization Validated (OV) certificates from 39 months to 27 months (825 days).

You will no longer be able to order a 3-year certificate after February 20, 2018.

Important note: This is an industry-wide change required of all Certificate Authorities.

Moving forward, no Certificate Authority will be able to sell an SSL cert valid for more than 27 months. This is less than ideal, because long cert expiration dates are pretty handy for some of those secure-and-forget-about sites.


Books of 2018

List of books I read in 2018. Also see the list of 2017. The date indicated denotes the date I started reading the book.

2018-01-05 - All the Birds in the Sky - 314 pages
2018-01-17 - 1984 - 298 pages
2018-01-27 - Eldest - 675 pages
2018-02-22 - The Killing Moon - 404 pages
2018-03-09 - Pale Blue Dot - 334 pages
2018-03-22 - Tortilla Flat - 151 pages
2018-03-28 - Ready Player One - 372 pages
2018-04-08 - Homeland - 343 pages
2018-04-24 - Brisingr - 763 pages
2018-05-29 - The Four Agreements - 146 pages
2018-06-03 - Dragons of Autumn Twilight - 444 pages
2018-06-21 - Frankenstein: Prodigal Son - 469 pages
2018-07-05 - Astrophysics for People in a Hurry - 224 pages
2018-07-08 - Feed - 574 pages
2018-07-28 - Exile - 333 pages
2018-08-11 - Solaris - 204 pages
2018-08-29 - The Green Mile: The Two Dead Girls - 75 pages
2018-08-31 - The Green Mile: The Mouse on the Mile - 85 pages
2018-09-02 - The Green Mile: Coffey's Hands - 83 pages
2018-09-06 - The Green Mile: The Bad Death of Eduard Delacroix - 83 pages
2018-09-11 - The Green Mile: Night Journey - 83 pages
2018-09-13 - The Green Mile: Coffey on the Mile - 131 pages
2018-09-17 - Dragons of Winter Night - 395 pages


Hanlon's razor

"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's razor


SSH: Transferring large files between hosts

I need to transfer several 10+ gigabyte files between two internal Linux hosts. The easiest way is to use either scp or sftp. This will encrypt the transfer, which can slow things down. There are several ciphers available that you can use to speed things up. Using modern OSs (Fedora 27, CentOS 7, FreeNAS 11) I wanted to find the best cipher to standardize on. The fastest cipher supported by all of my operating systems is aes128-gcm@openssh.com.

You can use aes128-gcm@openssh.com with scp and sftp like this:

scp -c aes128-gcm@openssh.com /source/file user@domain.com:/destination/dir
sftp -c aes128-gcm@openssh.com user@domain.com

To use an alternate cipher with rsync use this command:

rsync -avP --rsh="ssh -c aes128-gcm@openssh.com" /source/dir user@domain.com:/destination/dir

Honorable mention goes to aes128-ctr as the second place contender. If for whatever reason aes128-gcm@openssh.com isn't available it would make a good alternate choice.


PHP: Convert an array to a hash

I have a flat array that I want to convert to a hash so I can use it as a lookup table. There isn't an easy or clear way to do that in PHP so I wrote my own function:

function array_to_hash(array $array, $val = 1) {
    $ret = array_fill_keys($array, $val);

    return $ret;
}

Linux: Fedora 27 major package versions

Fedora 27 has these versions of some core packages:

Package   Version
Apache    2.4.29
GCC       7.2.1
Kernel    4.13.3
Perl      5.26.1
PHP       7.1.11
Vim       8.0.1187
Git       2.14.3

Perl: redirect STDOUT and STDERR to a file

I need to redirect STDOUT and STDERR to a log file in my script. I didn't find really conclusive documentation on the best way to do this so here is what I came up with.

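my $file = "/tmp/debug.log";
open(my $stdlog, ">", $file) or die("Cannot open $file: $!");

# Rebind Perl's STDOUT and STDERR handles to the log file. File descriptors
# 1 and 2 are untouched, so child processes started with system() still
# write to the original destination.
*STDOUT = $stdlog;
*STDERR = $stdlog;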