blog

Terraform depends pattern without depends_on. Or how to use hcl to leverage its interal dependancy handling, to to hard things for you. We are going to use an example of an aws sqs queue, dlq, and queue policy all strung together. The issue that I ran in to was I wanted to create all of these using a single list of words as my seed values. Then the issue arose around using a for_each with a dynamic resource group when terraform would need group 1 to be appied before it knew what to setup for group 2....

Yea it has been a long time since I wrote notes and things but I feel like there are some things to take note on. EC2 things of interest reading the userdata of an instance There are plenty of times that I need to see what the userdata looks like of my instance. ssh into the box. curl http://169.254.169.254/latest/user-data simple as that curl http://169.254.169.254/latest/user-data #!/bin/bash .... rerunning userdata You should really never rerun userdata but if you are debugging things and need to do things....

Some git notes I like git I user git a lot, I did not know about CODEOWNERS, this is a nice feature. automatic PR approver to a repo Adding codeowners can allow for automatic PR approvers for branches or all things github.com about-code-owners You can use a CODEOWNERS file to define individuals or teams that are responsible for code in a repository. To use a CODEOWNERS file, create a new file called CODEOWNERS in the root, docs/, or ....

need moar ebs AWS EBS volumes. Yes I know that everything in AWS should be immutable and disposable. But sometimes they aren’t. We don’t need to go into the philosophical rammifcations of that what we need is a fix. First we find the instance, then the volume, then we grow the volume in aws, then we grow the volume on the box Lets go and describe the instance $ aws ec2 describe-instances --filters Name=tag:Name,Values='MyMagicServer' | jq '....

docker powershell To prove a point i went out and foudn that there is a microsoft supported docker image for powershell. dockerhub - microsoft this means that running a mac, you can run docker that runs linux and then will let you run powershell.. You must go deeper… ha instant pot dragon head instant pots are pretty rad and there is this little thingverse that will let you have a dragon head for your instant pot, you just need to make sure that you print it with pla so that it does not instamelt when you are releasing the steam dragon head

Systemd restarting A while ago I had a service that would need to be restarted after it had a cool down of about 2 hours… I had a stanza that stated Restart=always RestartSec=7200 which was cool because it would just autorestart when it died. At the time the restart would work just fine after the cooldown. The catch that I ran in to was because of that timer, if I logged in and tried to start it when it was in a failed state, the service would hang....

Outlook is terrible Yes outlook is horrible but when you have to use it, its nice to be able to set defaults that don’t annoy others. One such is the default reminder for the calendar… Most of the time reminders aren’t useful unless they are used sparingly. Let turn them off. change-the-default-reminder-time tick stack and grafana i like the tick stack and it can be useful for a number of things, here is a brief overview of it....

Systemd restart policy sometimes services die. sometimes there is not a better option because of the situatuion that you are in, and you just need to wait it out and then restart the service… I know it isn’t ideal and that there should be better ways around having to do this but hey ¯_(ツ)_/¯ [Service] Type=simple Restart=always RestartSec=3 ExecStart=/path/to/script In my case I needed to wait it out and restart the service 2 hours after it died....

Bash ctrl+r Bash has a special “recall” mode you can use to search for commands you’ve previously run: Ctrl+R: Recall the last command matching the characters you provide. Press this shortcut and start typing to search your bash history for a command. Ctrl+O: Run a command you found with Ctrl+R. Ctrl+G: Leave history searching mode without running a command. keyboard-shortcuts-for-bash-command-shell

Splunk HTTP collector python script Hey the http collector is awesome so let use it in python to send things to stuff… This is going to just take a dictionary as event data and then pass that to the http collector using only the request library . You will need to have a collector enabled for splunk and a token generated. #!/usr/bin/env python import time import requests import urllib3 ##turns off the warning that is generated below because using self signed ssl cert urllib3....

splunking home power What happens when you take Splunk, a wireless smart meter and an api interface? Splunking your entire home’s power main, without touching a single power wire! This allows a whole house view of all the power being drawn in real time. The only requirements are raspberry pi on a network, a splunk instance somewhere and a usb adapter plugged into the PI. Hold on, hold on, whats a smart meter?...

splunk things windows event codes widnwos event codes are impossible to remember luckily there is a lookup out there https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx Lookup from github windows event code stuff, there is also a ton of other windwos docs in there… https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/identity/ad-ds/plan/Appendix-L--Events-to-Monitor.md splunk and docker https://github.com/splunk/docker-splunk https://github.com/splunk splunk and git https://github.com/Kintyre/ksconf http://www.kintyre.co/uploads/1/0/7/2/107288911/managing_splunk_deployment_with_git_-_philly_splunk_meetup_-_june_2018.pdf

wifi on mac Sometimes you want to know what wifi network you are on from the terminal or in bash for some reason. this can be done with airport and then a little bit of awk loc=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/ SSID/ {print substr($0, index($0, $2))}') echo $loc docker env variables There are these things called build arguments in docker. Sometimes you will want to pass arguments based on your environment....

removing git history sometimes you jsut want to wipe everything from a git repo but you want to hold on to the files. We can do this by following this pattern: – Remove history rm -rf .git – recreate the repos from the current content only git init git add . git commit -m “Initial commit” – push to the github remote repos ensuring you overwrite history git remote add origin git@github....

Kerberoasting! Lets talk about some old security here. Kerberos! This is a couple years old but sadly still works. Kerberos is the authentication system for windows and ad networks. There is an exploit that allows us to get back a poorly encrypted hash of valuable logins all directly from the domain controller, this is done once you have an authenticated user, so it isn’t the main way in but once you have a foothold you can pivot to a more useful account....

router hacking These instructions are only intended for the purpose of being able to install legally licensed firmware on routers you own. Do not use this guide as instructions for violating any patents or copyright laws There is a router out there known as T-Mobile (AC-1900) which is a rebranded ASUS AC1900/68u. The tmobile router sells for $70 and the asus router sells for $130–$170. Whats the difference between these two?...

cia hacking The cia had their hacking tools dumped on the web, no way who would have guessed they had these tools, of course they do and they have. schneier wikileaks_relea mkdir whole paths mkdir -p a/b/c makes the WHOLE path woooo!!! struts 0-day who likes 0-days 0-days happen this one looks fun apache-struts-framework z A tool to jump around directories easily in the terminal with this thing called z github repo z...

git Git should know better and totally commit and add files that I was working on last night. I left an uncommited file sitting on a laptop at my house when I went to work today… Rookie mistake. for ALL the repos $ git config --global user.name "John Doe" $ git config --global user.email "john@doe.org" only for oen repo $ git config user.name "John Doe" $ git config user.email "john@doe.org" git aliases are cool add to your ....

confluence confluence supports some version of markdown, however it is not super compatabiole with jekyll. There is a quick little ruby script that converts your .md files into a text that confluence can handle. markdown2confluence resetting admin passwords on a mac. I was reminded of this loophole topday and though I woudl write it down. how-to-create-a-new-administrator-account PROCEDURE 1. BOOT INTO SINGLE-USER MODE Turn on the computer. Upon hearing the startup chime, hold the key combination CMD+S....

roast Info using the kill-a-watt attached to the router for exact wattage measurements on my 1200 watt poppery II. full heat is 1000 watts with the heating coils fully isolated. Also there is a basic high temp thermometer that is simply dropped in the top ambient air temp is 68 degrees with 25% humidity preheat to 275 which is stable heat at 650 watts fan should be run at 100% but can dial down subtly in order to finely adjust the temps |—+—+—|...