The articles below are on various topics, though the majority are focused on some aspect of systems administration.
Quick background: Fail2ban scans system logs looking for entries that indicate network connections with malicious intent. When it finds enough such entries from a given IP address, it adds a firewall rule that blocks connections from that address for a given period of time.
In CentOS and Debian, Fail2ban is normally configured with a ban time of 600 seconds (10 minutes). That’s a safe default if you’re worried about locking yourself out of your system, but I don’t think it’s long enough to ward off persistent or obnoxious attackers.
This is the first of what I hope will become a series of posts that highlight useful command-line computing utilities. Sometimes (like this post), the focus will be on what I consider to be relatively obscure programs; at other time, I’ll focus on obscure features of commonly used utilities.
This post is dedicated to a pair of Mac OS X utilities:
pbpaste. The “pb” is both stands for “pasteboard”: they are command-line programs to getting content to and from the Mac clipboard.
I recently updated both my work and home Macs to OS X 10.10, aka Yosemite. As with most OS upgrades, little changes have accompanied the marquee upgrades. In particular, Yosemite has yet another way to flush the local DNS cache.
A friend sent me a message recently asking about the advisability of assigning a DNS
AAAA record (for an IPv6 address) to a computer’s current IPv6 address. He wrote, One thing that I wasn’t certain about with IPv6 was whether or not this address could/would change in the future. As such, I wasn’t sure if I should create the AAAA record using it. Fun!
I knew that machine in question runs Linux and that it acts as a server, always running on the same firewall-protected network.
His question gets to an interesting thing, and configurable too.
I was recently asked to assist someone install the newest Haskell Platform on a CentOS 6 machine. Mind you, the point of the Haskell Platform releases is to make it easier to get a complete Haskell development environment. I suppose it’s easier if you’re running a Linux distribution for which there are pre-built Haskell Platform binary releases. CentOS 6 is not one of those favored distributions, however, and the procedure was much, much harder than it should have been.
Like any other web server on the Internet, mine is frequently the target of IPv4-based scanning attacks. The scanner just polls address after address and starts looking for vulnerabilties (or whatever) as soon as it sees signs of life on TCP port 80.
Apache has a quirk that allows you to mostly ignore these scanners, as long as you’re willing to use a virtual host for your web service.
You’re on the road, connected to a wi-fi network you don’t trust, and you want to do some web browsing without having your traffic sniffed. A VPN connection would solve the problem, but all you really want is to keep your web session from prying eyes.
If you have three things, you’re in luck:
I kicked off the iOS 8 update on my iPhone 4S at 11:40 this morning. The download (all 940 GB of it) took a reasonable amount of time, given the network connectivity at work.
Then the installer spent roughly 45 minutes “preparing” the installation.