Wednesday, 1. January 2014 Week 1
Create the PKA DNS record:
# localpart=andreas domain=jaggi.info url=http://andreas-jaggi.ch/1C6AC951.asc
# LANG=C gpg --fingerprint ${localpart}@${domain}|awk -v local=$localpart -v domain=$domain -v url=$url \
'/fingerprint/{printf("%s._pka.%s. TXT \"v=pka1;fpr=%s;uri=%s\"\n",local,domain,$4$5$6$7$8$9$10$11$12$13,url)}'
andreas._pka.jaggi.info. TXT "v=pka1;fpr=1073501542F38352FC85788207A32EAB1C6AC951;uri=http://andreas-jaggi.ch/1C6AC951.asc"
Test DNS resolution:
# dig +short -t txt andreas._pka.jaggi.info.
"v=pka1\;fpr=1388580990F38352FC85788207A32EAB1C6AC951\;uri=http://andreas-jaggi.ch/1C6AC951.asc"
Test with GPG:
# gpg --auto-key-locate pka -ea -r ${localpart}@${domain}
Detailed explanation of the different DNS publication mechanisms for PGP Keys:
Publishing PGP Keys in DNS
Sunday, 29. December 2013 Week 52
Instead of the easily brute-forceable one-pass MD5/AES128 password protection format used by SSH by default, you should use the PKCS#8 format to store your private key files. PKCS#8 allows you to choose proper key-derivation functions and encryption schemes (for example PBKDF2 and PBES2).
The following commands convert an existing password-protected SSH private key file to PKCS#8 format (using PBKDF2, PBES2 and AES-256):
mv ~/.ssh/id_rsa{,.old}
openssl pkcs8 -topk8 -v2 aes256 -in ~/.ssh/id_rsa.old -out ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
rm ~/.ssh/id_rsa.old
(via Martin Kleppmann)
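To find which key files still need this conversion, the following added example (not part of the original post) classifies private keys in a directory by their PEM header. The function names classify_key and audit_keys are made up for this illustration, and the check looks only at headers, not at the KDF parameters inside a PKCS#8 file.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# classify_key FILE -> prints the container format, judged by the PEM header:
#   legacy-encrypted  traditional PEM with "Proc-Type: 4,ENCRYPTED" (convert it)
#   legacy-plaintext  traditional PEM without a passphrase
#   pkcs8-encrypted   PKCS#8 EncryptedPrivateKeyInfo (output of -topk8)
#   pkcs8-plaintext   PKCS#8 without a passphrase
#   openssh           OpenSSH's own container; header does not reveal encryption
#   unknown           not a private key file (e.g. *.pub, known_hosts)
classify_key() {
    first=$(head -n 1 "$1" 2>/dev/null) || first=""
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8-plaintext ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN "*" PRIVATE KEY-----")
            # RSA/DSA/EC traditional PEM marks encryption in the header lines
            # that follow the BEGIN line.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo legacy-encrypted
            else
                echo legacy-plaintext
            fi ;;
        *) echo unknown ;;
    esac
}

# audit_keys DIR -> prints "format<TAB>path" per private key found and returns 1
# if any key is in the legacy format or stored without a passphrase.
audit_keys() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_key "$f")
        [ "$kind" = unknown ] && continue
        printf '%s\t%s\n' "$kind" "$f"
        case "$kind" in legacy-*|pkcs8-plaintext) rc=1 ;; esac
    done
    return "$rc"
}

# Usage: audit_keys ~/.ssh
```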
Sunday, 15. December 2013 Week 50
Found this neat trick in Brendan Gregg's Blazing Performance with Flame Graphs talk.
Switching to LANG=C improved performance by 2000x
In a quick test I directly got a performance gain of factor 50.22.
This is quite an achievement for only changing one environment variable.
real:~# du -sh /var/log/querylog
148M /var/log/querylog
real:~# time grep -i e /var/log/querylog > /dev/null
real 0m12.807s
user 0m12.437s
sys 0m0.068s
real:~# time LANG=C grep -i e /var/log/querylog > /dev/null
real 0m0.255s
user 0m0.196s
sys 0m0.052s
I suspect that the performance gain may vary quite a lot depending on the search pattern.
Also, please note that this trick only works when you know that the involved files and search patterns are ASCII only.
(via Standalone Sysadmin)
Sunday, 1. December 2013 Week 48
Another nice discovery from Metropop: WOODKID
Woodkid - Run Boy Run
Wednesday, 21. August 2013 Week 34
Major Look - Too Late
Friday, 5. July 2013 Week 27

(via blog.quux.de)
Saturday, 1. June 2013 Week 22
After receiving yet another 'please login and click through our captcha for no reason' e-mail from a DynDNS provider, I decided to run my own DynDNS server.
As I already run my own DNS servers, this was just a matter of adding a dynamically updateable zone and writing a script which receives the IP change request via HTTP and sends out a DNS update.
Luckily the DynDNS API is quite well documented and I quickly came up with the PHP code below which performs the task well enough for me. Feel free to use it to run your own DynDNS server.
PS: to any friends reading this and looking for a DynDNS service: drop me a message and I'll set you up with an account.
Tuesday, 28. May 2013 Week 22
Get the glue records for a given domain:
Sunday, 26. May 2013 Week 21
Update the serial number in BIND zone files with the current unix timestamp.
Saturday, 25. May 2013 Week 21
For a long time it annoyed me every time that less only showed ASCII codes instead of colors when piping some 'color-enabled' output into it.
Turns out there is an easy fix for that:
colordiff a/foo b/foo | less -R
Thanks to Major Hayden for this very useful tip!