System time:  Fri/10/24 : 02:42:57

"OH!"

Something that is seemingly difficult to find clearly described in plain english for JunOS, is 801.ad L3 Service Provider tunnel termination.
Ie; QinQ tunnels to/from sites using the 0x88a8 ethertype, wherein you terminate to an L3 interface on the innermost vlan.
Unsurprsingly (perhaps), the config is largely similar between Cisco IOS and Juniper JunOS.

That said, both configs still feel somewhat bulky, but I think that's really just the nature of the beast.
Some config I've labbed, and also test against some non-production services on the MX platform follows;

interfaces {
    xe-0/1/0 {
        description "QinQ bundle from provider";
        flexible-vlan-tagging;
        gigether-options {
            ethernet-switch-profile {
                tag-protocol-id 0x88a8;
            }
        }
        unit 1001 {
            description "CCI/NNI Tail 1001 to site Foocity";
            encapsulation vlan-bridge;
            vlan-tags outer 0x88a8.1001 inner 10;
        }
    }
    irb {
        unit 1001 {
            description "CCI/NNI Tail 1001 to site Foocity";
            family inet {
                address 10.0.0.1/29;
            }
        }
    }
}
bridge-domains {
    vlan1001 {
        description "Foocity";
        domain-type bridge;
        vlan-id none;
        interface xe-0/1/0.1001;
        routing-interface irb.1001;
    }
}

For comparison sake, and the non JunOS savvy, The Cisco 7600 (and mostly, ASR equivalent) is pretty similar. Just replace the sub-interface with the service instance stanza.

interface TenGigabitEthernet1/11
  description QinQ bundle from provider
  no ip address
  dot1q tunneling ethertype 0x88A8
  no keepalive
  service instance 1001 ethernet
   description CCI/NNI Tail 1001 to site Foocity
   encapsulation dot1q 1001 second-dot1q 10
   rewrite ingress tag pop 2 symmetric
   bridge-domain 1001
!
interface Vlan1001
  description CCI/NNI Tail 1001 to site Foocity
  ip address 10.0.0.1 255.255.255.248
!
vlan 1001
  name Foocity
!
end



Big shout out for Beardyman.



Simple Words

On Juniper JunOS Class-of-service...

Something I've always had trouble with, is wrapping my head around class-of-service on Juniper devices.
It's never helped that almost all the EX examples are overly complicated, and or assume you are running some manner of L3 interface on the device.
In our environments, almost every single one our EX switches are exactly that - just switches. So we typically need to classify on ingress and set dscp or 802.1p values based on what's connected to what port.

Something in my head clicked today and I realized that it's so simple... I just have to remember:
Classify on -INGRESS-, mark on -EGRESS-
Classification assigns traffic to a forwarding class, and mark on egress based on which forwarding class you just put traffic into.

So incredibly simplified, mark everything entering ge-0/0/1 with 802.1p priority 5 as it exits ge-0/0/0:

ex2200# show class-of-service
interfaces {
    /* Mark everything on egress appropriately per the custom re-write rule */
    ge-0/0/0 {
        unit 0 {
            rewrite-rules {
                ieee-802.1 EF-TO-PCP-5;
            }
        }
    }
    /* Classify everything on ingress as EF, and put it into the EF switch queue(s) */
    ge-0/0/1 {
        unit 0 {
            forwarding-class expedited-forwarding;
        }
    }
}
rewrite-rules {
    /* Mark packets in the EF queues as priority 5 */
    ieee-802.1 EF-TO-PCP-5 {
        forwarding-class expedited-forwarding {
            loss-priority low code-point 101;
            loss-priority high code-point 101;
        }
    }
}

Random sidetracked moment of the day;
Punching at random words from Android autocomplete entries and reading the resulting phrases.

Actual examples:
Can ping it is not the intended recipient of this tag has a lot of planning and the mayonnaise jar Svideo tuner

Know when to expect from the lab and a gateway of Once again for all your favorite music is my first post a link on my phone number for you guys sell it

How'd the office and the other hand that's probably why you should know about the future of this message has been in business

I feel like I'm reading Huawei manuals again.

Majestic

Oh my poor blog.

Going to try and start posting semi-regularly again (for really reals this time).
As proof, here's a thing:

Something sort-of interesting came up at work today.

I had to create a one-stop Excel function to convert DMS Lat/Long to their Decimal equivalents.

Ala:
52° 58' 44.889" N
Into
52.979136

And
122° 33' 37.929" W
Into
-122.560536

Almost all the examples I could find relied on one, or a combination of;

  • Pre-formatting the data using text-to-columns
  • Used hard-coded numbering, or modifying the original values into some other format.
  • Or VBS script(s) to do it

My restrictions were;

  • I can't modify the original data
  • I "must" reference the original data (can't copy/paste, modify, then use)
  • It must be easy to spot problems with the reference data

Microsoft has a script, but it only worked for about 15 minutes, and then broke. And $DAYJOB restrictions meant I couldn't make the VBS portable with the end result anyway.
Suffice to say, neither option suited my case, and it seemed a problem that should be solvable with a single function.

What I learned: Excel can do stupidly interesing stuff, but holy crap - if they would just integrate regex support directly into excel (read: Not as a VBS plugin) for normal human beings, my life would have been much easier.

Function for Latitude:

=IF(LEFT(A10,1)="-","-",IF(RIGHT(A10,1)="S","-",""))
&LEFT(A10, FIND("°", A10)-1)
+(MID(A10,FIND("°",A10)+1,FIND("'",A10)- FIND("°", A10)-1)/60)
+(MID(A10,FIND("'",A10)+1,FIND("""",A10)- FIND("'", A10)-1))/3600

To break it down;
If the A10 cell starts with a '-', or ends with a 'S'outh, add a negative to the decimal output.
Parse number for Degrees
Parse number for Minutes, convert
Parse number for Seconds, convert

Function for Longitude is much the same. If check just converts 'W'est to negative instead.

=IF(LEFT(B10,1)="-","-",IF(RIGHT(B10,1)="W","-",""))
&(LEFT(B10, FIND("°", B10)-1)
+(MID(B10,FIND("°",B10)+1,FIND("'",B10)- FIND("°", B10)-1)/60)
+(MID(B10,FIND("'",B10)+1,FIND("""",B10)- FIND("'", B10)-1)/3600

Pro's:
Don't need VBS, or to split the lat/long into separate cells
Spacing between values doesn't matter (empty space is easy to deal with, if excel doesn't automatically).

Con's:
It is fragile. Breaks when someone uses the wrong delimiter for degrees, minutes seconds (°, ', "), but those are easy to find and fix - someone that fails at their data entry is not my problem in this case.
Though the fragility is my 'detect problem' case. #VALUE! cells are easily parsed out of the output, for which I can take it up with the data provider in the first place.

No numerical errors so far across 132 pairs of DMS lat/long values. Hooray.

Coming up next, probably a rant about TCP Bandwidth Delay Product.

Red Balloon

Holy heck... I have a blog.

Quick rant and post, more details on life after the break.

I'm extremely impressed with Junipers SRX300. Price, performance, features, are amazing.
Ordered up one of said SRX300's for my home lab, to replace my EOL'd SRX100B.

I can hear the Mikrotik and Ubiquity fans jumping up and down, but no... just no. Given the choice, I'd install OpenBSD on an APU2, before trusting Ubiquity or Mikrotik to do anything more than bridge frames, which they do poorly at that. Even then...

Related, mental note for RANCID command restriction within TACACS for Juniper/JunOS devices.
RANCID needs these, or it breaks expect:

  • 'set cli complete-on-space off'

  • 'set cli screen-length 0'

Set CLI commands are pretty tame, so you could safely get away with;

user rancid {
  service = junos-exec {
   local-user-name = your-standin-local-user
   allow-commands1 = "(show .*)"
   allow-commands2 = "(exit)|(quit)"
   allow-commands3 = "(set cli .*)"
   deny-commands = ".*"
  }
}

Let's see, other stuff... other stuff...
I put pi-hole on a beaglebone black to try it out. I learned many, many things. The experience was painful, and wasted many, many, many hours of my time. However, given how out of touch with Linux I am these days, I could attribute it to a lack of practice and knowledge surrounding how ruined the Linux landscape has truly become.
Honestly, my last foray was with Gentoo, before the portage tree was opened up to volunteers that immediately broke everything, which forced me to slackware.
I'll admit it, I was a Gentoo-ite, obsessed with kernel size. 714k of kernel, man! And another 6% FPS increase in glxgears! WOO! Pretty sure I got it much smaller once, but honestly now, who cares...

As for the things I learned, the highlights:

  • You can't just use ifconfig out of the box any more
  • no tcpdump in the 1.8gig base install. This is just plain unforgivable
  • The concept of editing resolv.conf, and expecting it to work is apparently dead
    • Side note so I remember: have to piss around with 'resolvconf' and resolv.conf.tail

      • Additional side note: Forget about resolv.conf entirely if you updated Debian to jessie, which apparently excludes the resolvconf binary. Download the rpm on another box with working DNS to proceed
  • There is no fstat, so use 'pstat -apn' to figure out what PID's are squatting on what sockets
  • Oh god systemd, why?!
    • completely ignore init.d. Look at systemctl, and then proceed to spit tea at monitor, and then remove hair with clenched fists.

I can't help thinking I could have just setup unbound in the first place, since I don't really care about the Pi-hole GUI.
Next steps, repeat the experiment with OpenBSD and unbound.

Juicy Wiggle

Oh yeah, I have a blog... geeze.

Been busy re-wiring the new house. Mostly done. Furnace tried to burn the house down when the blower motor blew and the breaker failed. Pictures to come in the spring I guess.

I've run into this a few times on some of our production OpenBSD boxes now, and I'm always spending too much time remembering how to fix it:

arpresolve: 10.10.10.1: route without link local address

Usually caused because:
The address in the log message was probably deleted and re-added, or moved to a different interface.

To fix:
Find, delete, and re-add all the static routes pointing at the host it's complaining about as you probably have some statics on the box for re-distribution or other dumb tricks

It seems bug-ish to me, since for all intensive purposes nothing's actually broken. It just spams your syslog a few hundred times a second (or more if your box is really busy).
Filed under the to-investigate-further-someday pile.

Outlines

Quick post today.
Will probably have something to say about my new house, and the options I'm looking at for a NAS / AppleTV streaming appliance eventually.
Have some pictures of my trip to the Kootenay's to post too at some point or something.

So, I keep forgetting how to do this:
How to move bridge-group 1 around on v15 Cisco Aironet's, as they are a pain in the rear. You used to be able to just replace bridge-group 1 with another, but now you get:

Interface already configured within Bridge Group 1.

So that's super helpful. The good news is it can still be moved to somewhere mostly useful. However - the destination interface must be configured with dot1q native. That, of-course, blows big wind. Thanks Cisco!
But hey - at least it's something, and can let the rest of your configs make sense.

To summarize the steps;

  • Add Interface.foo subinterface
  • Configure for dot1q encapsulation foo native
  • Move bridge-group 1 to the new interface.foo subineterface
  • Success!

And here it is in action, with gratuitous failure attempts for context.

ap>enable
ap#sh int desc
Interface                      Status         Protocol Description
BV1                            down           down
Do0                            admin down     down
Do1                            admin down     down
Gi0                            up             up
ap#sh bridge verbose

Total of 300 station blocks, 299 free
Codes: P - permanent, S - self

Flood ports (BG 1)           RX count    TX count
Dot11Radio0                         0           0
Dot11Radio1                         0           0
GigabitEthernet0                   95           0
ap#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ap(config)#int gi0.4
ap(config-subif)#encapsulation dot1Q 4
ap(config-subif)#bridge-group 1

Configuration of subinterfaces and main interface
within the same bridge group is not permitted
ap(config-subif)#int gi0
ap(config-if)#no bridge-group 1
%command not allowed, cannot remove bridge-group 1
ap(config-if)#bridge-group 4

Interface already configured within Bridge Group 1.

ap(config-if)#int g0.4
ap(config-subif)#encapsulation dot1Q 4 nativ
ap(config-subif)#bridge-group 1
ap(config-subif)#^C
ap#sh run int g0.4
Building configuration...

Current configuration : 151 bytes
!
interface GigabitEthernet0.4
  encapsulation dot1Q 4 native
  bridge-group 1
  bridge-group 1 spanning-disabled
  no bridge-group 1 source-learning
end

ap#sh run int g0
Building configuration...

Current configuration : 59 bytes
!
interface GigabitEthernet0
  duplex auto
  speed auto
end

ap#sh bridge verbose

Total of 300 station blocks, 299 free
Codes: P - permanent, S - self

Flood ports (BG 1)           RX count    TX count
Dot11Radio0                         0           0
Dot11Radio1                         0           0
GigabitEthernet0.4                  3           0

ap#

Недетское время

So, fluctuator has been shut-down. The 510 chassis soon to be re-purposed for greater things.

In doing so, I've merged and updated a pile of my VM's. Down to 4 from 7, which is a good start.
To that end, this is more of a token post to test that stuff is still working from all the migrations last night.

So... here's some random junk:


Me: oh god. I win moron of the week award.
Co-worker: You are the greetest!
(Inane chatter about my oversight)
Co-worker: I'm also not smarting today. Going to coffee my brain
Me: Huh...
TOKENHOSTNAME-S01#sh env all
FAN is OK
Internal POWER supply is FAULTY
RPS is NOT present

TOKENHOSTNAME-S01#sh inv
NAME: "TOKENHOSTNAME-S01", DESCR: "Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports"
PID: WS-C2950-24 , VID: H0 , SN: SOMESERIALNO

TOKENHOSTNAME-S01#

Me: I may be having an off day, but that seems slightly strange.
Co-worker: Hmm, should be proactive and HAHAHAHA

Also, this looks incredibly interesting. I've had a song on my iPod by them for ages, but never realized they're basically a carnival stage-acting band type delay.
Wicked cool.

Slamboree - Zorba the remix

I Can See It In Your Face

Just found these 3D Futurama things. They definitely do it justice.

And now for something plausibly interesting… maybe.
Finally updated my random image thing which was long, long, long overdue. Pulls images out of an SQL index instead of cramming an array full of filenames and paths after scanning the disk. Every. Single. Time. The. Page. Was. Accessed.
It's improved load times significantly. Also put in the ubiquitous image access function while I was at it, so I can stop hard-linking to files in my random folder which break if I move things around.
Now I just need to find a way to safely import custom functions into Drupal, and I'll be set.

Moar random phpipam jargin. Stuff I had to do to make the ping scan, and alive host detection in phpipam work on OpenBSD after the 1.0 release:

functions/functions-common.php assumes your php executable will be 'php'. OpenBSD's 5.3 package binary is php-5.3. Yeah, I know - I need to update from 5.3. So sue me.
Quickest fix which will break next time I update base and the package tree

sudo ln -s /path/to/php-5.3 /same/path/php

Also, the ping binary included in base need the timeout switch and number to be tweaked.
Patch for OpenBSD base's 'ping' binary:

--- functions-network.php.orig  Fri Sep 26 23:57:57 2014
+++ functions-network.php       Sat Sep 27 00:05:41 2014
@@ -2906,8 +2906,8 @@
        }
        else {
                //set ping command based on OS type
-               if(PHP_OS == "FreeBSD" || PHP_OS == "NetBSD" || PHP_OS == "OpenBSD")    { $cmd = "$pathPing -c $count -W ".($timeout*1000)." $ip 1>/dev/null 2>&1"; }
-               elseif(PHP_OS == "Linux")                                                                                               { $cmd = "$pathPing -c $count -w $timeout
$ip 1>/dev/null 2>&1"; }
+               if(PHP_OS == "FreeBSD" || PHP_OS == "NetBSD")                           { $cmd = "$pathPing -c $count -W ".($timeout*1000)." $ip 1>/dev/null 2>&1"; }
+               elseif(PHP_OS == "Linux" || PHP_OS == "OpenBSD")                        { $cmd = "$pathPing -c $count -w $timeout $ip 1>/dev/null 2>&1"; }
                elseif(PHP_OS == "WIN32" || PHP_OS == "Windows" || PHP_OS == "WINNT")   { $cmd = "$pathPing -n $count -I ".($timeout*1000)." $ip 1>/dev/null 2>&1"; }
                else  { $cmd = "$pathPing -c $count -n $ip 1>/dev/null 2>&1"; }

Ride My Tempo

So. I have yet another new toy. Granted, this is my first real toy toy.
I didn't even really want it, like want want it.
Nor was I looking for it.
Was humouring the sales guy at the car dealer, who was busy trying to sell me on a Tuscon, Santa Fe, or Genesis. The aforementioned three are pretty weak compared to the Volvo.
"So, I'll try the next trim-level Genesis, maybe it'll be better than the base." I says.
"Let me take a look around the used lot, while you check if there's one free to drive." I says.
"Huh... a Lancer. Nice. Wait… that's an Evolution. Wonder which salesman owns that. …No plates? Uh… Hey! What's up with this Evo?"
There you go. That's the story of how the downpayment for anther house became a toy, and enough debt to keep me from just up and stopping from going to work suddenly. At least for a little while.
It's been a while since I've driven a standard. This one came with a racing clutch among other things, which I proceeded to stall about 5 times on the test-drive.
Since acquiring it 5+ weeks after making payment, the number of stalls has increased to a total of 21 over the span of two days, though the rate at which they occur has decreased exponentially.
Just in time for fall and winter. Smart.

Replaced an old Soekris at work couple weeks back. Poor old thing had 1388 days of uptime.
Alas, the replacement was necessary to turn a previously abandoned transmission site isolated on a 3rd party's network, into a customer-ready site, jerry-rigged into our AS.

Took a wee bit of fiddling, but found the right knobs to tweak to replicate some of the tricks we use on our cisco boxes to make management happen in stupid places without the hardware or budget to do it properly.
Probably easier to just use BGP for the whole deal, but our OSPF RIB is already polluted with so much garbage from all the bad ideas that were pushed into production over the years anyway. As such, it's becoming the dumping ground for bad (albeit, fun) ideas like this one.

Relevant config here for future self-reference - obviously, severely obfuscated from the production environment.
The keen observer will notice that there's no IPSEC here. Because of company policy to drive end-of-life equipment into the ground, we lack sufficient resources for shaping or ACL's, let alone crypto at our aggregators. My gif(4) and IPSEC experiments will have to wait until I have sufficient boxes, and enthusiasm to pursue this of my own accord.

The diagram:

On the Cisco:

!
interface Loopback254
  description Public tunnel termination interface
  ip address 172.20.254.254 255.255.255.255
!
interface Loopback101099
  description 1010 Fake St, Nutley. Z-end network
  ip address 10.10.99.1 255.255.255.255
!
interface Tunnel101099
  description 1010 Fake St, Nutley. Management tunnel
  ip unnumbered Loopback101099
  ip mtu 1476
  ip ospf 1 area 10.10.99.0
  tunnel source Loopback0
  tunnel destination 192.168.99.223
!
router ospf 1
  router-id 172.20.254.254
  area 10.10.99.0 stub no-summary
!
end

On the Soekris:

bsd~ grep inet /etc/hostname.vlan99
inet 10.10.99.0 255.255.255.0 NONE up

bsd~ cat /etc/hostname.gre0
192.168.99.223 172.20.254.254 netmask 255.255.255.255 link0
tunnel 192.168.99.223 172.20.254.254
inet alias 10.10.99.2 255.255.255.255
up
# Alias and static route to R01. Without these, ospfd sends hello's directly out the
# upstream interface un-encapsulated, instead of over the tunnel
!route add -host 10.10.99.1 -iface 10.10.99.2

bsd~ sudo cat /etc/ospfd.conf
router-id 10.10.99.254
area 10.10.99.0 {
        stub

        interface gre0:10.10.99.2
        interface vlan99:10.10.99.254 {
                passive
        }
}

Less the underlying config for a happy BSD and Cisco box (Routing tables, outbound interfaces, etc…), you should wind up with something along these lines;

bsd~ ospfctl show neighbor
ID              Pri State        DeadTime Address         Iface     Uptime
172.20.254.254  1   FULL/P2P     00:00:34 10.200.6.1      gre0      31m

On paper, this looks goofy as all hell, but is a fun way to exploit the longest prefix wins rule. Plus, our IGP tables are already polluted with far, far worse garbage that won't be going away any time soon. The real world has a habit of destroying all hope one had of running an efficient, clean, easy to manage network.
One caveat is access to/from our NMS. Since the amount of impact and network noise from this cruft is limited by the stub, a static route was necessary (Augh!).
Also, now that I think about it, the 'ip unnumbered loopback' in the example is a left-over from plastering this over top of multiple tunnels to the same site. Here, it's un-necessary.
That said, learn from my tomfoolery. Just because you can, don't… just don't. Do not do this to your network.

Moving right along.

I'm loving this album. Having watched the music videos, I recollect having watched them late last year as they were being released. I don't recall enjoying the songs nearly as much then as I do now.
Weird.

Long post is long. Here, have a music video.

Magic Carpet Ride

Seems I broke my search indexer yonks ago. It's been fixed, so yay.

Dusted off one of the random project ideas I mentioned some time back, and actually got around doing something useful beyond the initial proof-of-concept.
Successes so far:

  • Registered my iPad, and Galaxy S4 as SIP stations
  • Inbound call forwarding from the PSTN to all active SIP clients
  • Outbound calling from SIP clients to the PSTN

Problems to solve next:

  • Stop my iPad's IPSEC VPN from disconnecting every time it's idle for more than 2 minutes
  • Find a VPN setup or App that'll work with my useless bloody S4
  • Decipher and set-up voicemail
  • Find a SIP client that doesn't blow big wind

By far and away, the biggest headache was daisy-chaining my 2811's voice-port off an analogue port on the office's phone system. However, having succeeded, I'm able to intercom co-workers from wherever I have wifi connectivity which is worth the price of admission right there.

The good folks at Juniper are doing a good job of keeping me happy. I received the EX2200-C-12T-2G for my collection of lab hardware today. Now I'm half inclined to ditch the 1811 in front of *.sarlok.com, and shunt everything to my SRX100 to force familiarity levels beyond the casual mark.
However, now that most of my voice proof-of-concept is out of the way, the 2811 could probably replace it too…

Also, damn you iTunes. Damn you to hell… why don't you have this song?


Honey Dove

Gah. Unenthused sarlok is unenthused.
Warning: This post may have no meaning beyond providing a brief interlude to my current lapse of boredom.

I fixed a frick-load of broken URL's spread across my blog posts of old, most of which I broke myself after re-jigging the random images folder. Wound up splitting the one monster folder into several subs to cut back on disk chatter.
Hindsight, having fixed the broken links, I'm now re-thinking my choice of hard-coding paths and images, and have some idea for a permalink that should be sane enough to keep up with auto-filing image folders… maybe by the time my next post is done.

My new toy.
Spontaneous purchase was spontaneous. My old bow was already fast at ~320fps.
Splurged on some nice light 250 grain arrows to go with the new bow though.

My new other toy.
My initial observations were how amazingly well built the thing is. I thought Dell and IBM's servers were well made, but after cracking the T2000 open… It's very, very nice.
Master plan is to move *.sarlok.com to the T2000, and re-purpose fluctuator as a storage backend on account of the 8 drive-bays.
That aside, this made me chuckle seeing it for the first time post-install.
I especially love how base has fewer processes than there are cores… well, threads I guess - but still.

root@sparksmith:~ # uname -a
OpenBSD sparksmith.sarlok.com 5.6 GENERIC.MP#166 sparc64
root@sparksmith:~ # top -d1
load averages:  0.12,  0.19,  0.14    sparksmith.my.domain 19:46:57
26 processes: 24 idle, 2 on processor
CPU00 states:  0.0% user,  0.0% nice,  0.3% system,  0.8% interrupt, 98.9% idle
CPU01 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU02 states:  0.1% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU03 states:  0.1% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU04 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU05 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.9% idle
CPU06 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU07 states:  0.0% user,  0.0% nice,  0.2% system,  0.0% interrupt, 99.8% idle
CPU08 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU09 states:  0.0% user,  0.0% nice,  0.5% system,  0.0% interrupt, 99.5% idle
CPU10 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU11 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU12 states:  0.1% user,  0.0% nice,  0.0% system,  0.0% interrupt, 99.9% idle
CPU13 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU14 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt, 99.9% idle
CPU15 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU16 states:  0.0% user,  0.0% nice,  0.1% system,  0.0% interrupt, 99.8% idle
CPU17 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU18 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU19 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU20 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU21 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU22 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU23 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU24 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU25 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU26 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU27 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU28 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU29 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU30 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU31 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Memory: Real: 26M/110M act/tot Free: 31G Cache: 25M Swap: 0K/4097M

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
6537 root       2    0 4440K 4096K idle      select   11:09  0.00% sshd
15852 _smtpd     2    0 2184K 3152K sleep     kqread    0:29  0.00% smtpd
5908 _smtpd     2    0 1848K 2384K sleep     kqread    0:29  0.00% smtpd
5247 _smtpd     2    0 2216K 2624K sleep     kqread    0:29  0.00% smtpd
28491 root      10    0  712K 1472K idle      wait      0:27  0.00% man
28367 root       2    0 4240K 4088K sleep     select    0:22  0.00% sshd
25118 _pflogd    4    0 1120K  400K sleep     bpf       0:12  0.00% pflogd
16328 _spamd     4    0 1176K 1160K sleep     bpf       0:11  0.00% spamlogd
2506 root       3    0  712K 1416K idle      ttyin     0:04  0.00% getty
31521 _syslogd   2    0  960K 1152K sleep     poll      0:01  0.00% syslogd
    1 root      10    0  864K  528K sleep     wait      0:01  0.00% init
29136 root       2    0 2088K 2504K idle      kqread    0:01  0.00% smtpd
27422 root      18    0  928K  784K sleep     pause     0:00  0.00% ksh
11990 root       2    0 1536K 1736K idle      select    0:00  0.00% sshd
32385 root      18    0 1024K  776K idle      pause     0:00  0.00% ksh
17628 _smtpq     2    0 2112K 2688K sleep     kqread    0:00  0.00% smtpd
17078 _smtpd     2    0 2112K 2680K sleep     kqread    0:00  0.00% smtpd
5727 root       2    0 1168K 1424K idle      select    0:00  0.00% cron


Let's see… what else has been randomly interesting of late…
I blew half-an-hour chasing down some random problems with our internal mediawiki at work. I was surprised, and amused by the cause of a phantom reset packet. Probably would have caught on sooner if I decided to tcpdump right off the bat and saw said reset, but oh-well.
Turns out, copy-pasta of a unidiff one-liner for an unprivileged user from master.passwd into the wiki page body for documentation didn't get past the ASA IPS module sitting at the edge of a number of our servers.

evIdsAlert: eventId=1379435087058567927  vendor=Cisco  severity=medium  alarmTraits=32768
  originator: 
    hostId: sensor
    appName: sensorApp
    appInstanceId: 1178
  time: Jul 04, 2014 21:34:24 UTC  offset=-420  timeZone=UTC
  signature:   description=Unix Password File Access Attempt  id=3201  version=S238  type=vulnerability  created=20010202
    subsigId: 3
    sigDetails: [ \x26=?.]/etc/master.passwd[ \x26=?]
  interfaceGroup: vs0
  vlan: 0
  participants: 
    attacker: 
      addr: 1.2.3.4  locality=OUT
      port: 29983
    target: 
      addr: 10.0.0.10  locality=OUT
      port: 80
      os:   idSource=learned  type=bsd  relevance=relevant
  actions: 
    droppedPacket: true
    deniedFlow: true
    tcpOneWayResetSent: true
  context: 
    fromAttacker:000000  3A 73 74 61 63 6B 73 69  7A 65 2D 63 75 72 3D 38  :stacksize-cur=8
000010  4D 3A 5C 0D 0A 2B 20 20  20 20 20 20 20 20 3A 6C  M:\..+        :l
000020  6F 63 61 6C 63 69 70 68  65 72 3D 62 6C 6F 77 66  ocalcipher=blowf
000030  69 73 68 2C 38 3A 5C 0D  0A 2B 20 20 20 20 20 20  ish,8:\..+   
000040  20 20 3A 74 63 3D 64 65  66 61 75 6C 74 3A 0D 0A    :tc=default:..
000050  65 2D 2D 2D 2D 2D 40 72  2D 2D 2D 2D 2D 3A 7E 20  e-----@r-----:~
000060  24 20 20 73 75 64 6F 20  64 69 66 66 20 2D 75 20  $  sudo diff -u
000070  2F 76 61 72 2F 62 61 63  6B 75 70 73 2F 6D 61 73  /var/backups/mas
000080  74 65 72 2E 70 61 73 73  77 64 2E 63 75 72 72 65  ter.passwd.curre
000090  6E 74 20 2F 65 74 63 2F  6D 61 73 74 65 72 2E 70  nt /etc/master.p
0000A0  61 73 73 77 64 0D 0A 2D  2D 2D 20 2F 76 61 72 2F  asswd..--- /var/
0000B0  62 61 63 6B 75 70 73 2F  6D 61 73 74 65 72 2E 70  backups/master.p
0000C0  61 73 73 77 64 2E 63 75  72 72 65 6E 74 20 20 53  asswd.current  S
0000D0  61 74 20 41 70 72 20 20  35 20 30 31 3A 33 30 3A  at Apr  5 01:30:
0000E0  31 34 20 32 30 31 34 0D  0A 2B 2B 2B 20 2F 65 74  14 2014..+++ /et
0000F0  63 2F 6D 61 73 74 65 72  2E 70 61 73 73 77 64 20  c/master.passwd

(output trimmed)


No music video today, and I had nothing more to say, so… Attack cat, ATTACK!

Bouncy Bouncy

Well, this has been well overdue, and yet, it still turned into a discordant mess of random junk.
I did something constructive! I draw your attention to the tag cloud widget to the right. Haven't touched that java thing in ages though.

This was fun to read, and somewhat insightful.

Vacation was relatively uneventful. Flew to Calgary and met up with Theo, and took the opportunity to get some tech into his hands. I'm not sure if I should be happy, or annoyed that I enjoyed the two outings with him significantly more than that of my entire week in Ireland. I feel far less intelligent myself now having met the fellow, though was quite humbling - and enjoyable - to see some Beaker impressions bust loose while talking about FreeBSD in the pub.
Was entirely too nervous to ask for a photo… ahwell, maybe next time.

Okay, on with the completely random noise. Things I found myself exclaiming while playing Don't Starve.
"Nooo! My bees!"
"Help! Wake up and help me you stupid pigs!"
"Get away from my berry bushes you damn gobbler!"
"AHH! What the frick is that? Going insane sucks!"
"WUAH! *trackball goes flying*"

Nothing else in particular to say, so... here's a word I'm desperately trying to be able to say without pausing to think.
 Человеконенавистничества!

And, something completely random and stupid:
co-worker: Your ARP thing might be related to S01 fa0/46 showing amber, connected to L01 fa0/1/8
me: I'm watching a tcpdump, waiting for 16:30 to roll around to see if that tells me anything more useful.
me: Not the winrar, but still equally amusing:
16:13:26.391799 00:11:22:33:44:55 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.10.10.2 (ff:ff:ff:ff:ff:ff) tell 10.10.10.2
16:13:26.602404 00:11:22:33:44:55 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.10.10.2 (ff:ff:ff:ff:ff:ff) tell 10.10.10.2
co-worker: PM3 is old and dumb
me: Heheh. Almost as good as the Axxceleras. They generate a completely whacked out source-MAC address when they ARP for themselves.
me: And by dumb, I'm sure you mean enterprise-y

Also, yay, and stuff.