JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01 which will
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stitch of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod gets deployed.
JAN-PIET MENS :: DELOCK MQTT-ENABLED POWER SOCKET SWITCHES Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by Delock: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost Christmas. The taller but slimmer plug on the left is the 11827, and the squatter square one on the
JAN-PIET MENS :: THE UNIX MAGIC POSTER I understand the classic UNIX Magic poster by Gary Overacre was distributed at past USENIX conferences, and I’ve known of it for years but now in confinement, I’ve decided I want one to hang in my office. The poster features a white bearded wizard with UNIX related objects around him, for example a spool of thread, a boot, a fork, pipes, and a bunch of containers labeled troff, awk, diff
JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nice big
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily. A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well.
JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers were responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen.
JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence. I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly
JAN-PIET MENS :: CACHING FACTS IN ANSIBLE Optional expiry of cached entries as well as enabling the cache itself is controlled by settings in ansible.cfg: fact_caching = redis fact_caching_timeout = 3600 fact_caching_connection = localhost:6379:0. By default, fact_caching is set to memory. Configuring it as above, makes Ansible use a Redis instance (on the local machine) as its cache.
JAN-PIET MENS :: NETWORK-BOOTING MACHINES OVER HTTP
SEE MORE ON JPMENS.NET
JAN-PIET MENS :: ENTROPY: RANDOM DATA FOR DNSSEC Creating DNSSEC keys requires a lot of random data. If you run dnssec-keygen and it appears to hang (particularly when on a virtual machine), the program is actually waiting for entropy (i.e. “randomness”) to be made available in /dev/random. (For dnssec-keygen this can actually be faked, by passing the program a file from which it should consume the random data, but I certainly don’t
JAN-PIET MENS :: DNS OPEN ZONE DATA root zone. First of all, the root zone is obtainable out of band via the IANA Root Files site, in particular the Root Zone File. If all you need is a list of the 1500 Top-Level Domains get those by themselves. RFC 8806 documents how to run a Root server local to a resolver, in other words, you can easily zone transfer the root zone.
JAN-PIET MENS :: STORING GENERIC PASSWORDS IN MACOS' KEYCHAIN Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01 which will contain generic password with. $ security add-generic
JAN-PIET MENS :: REVISITING THE POWERDNS "BIND" BACK-END Configured to use the bind back-end, PowerDNS reads zone master files directly off the file system without requiring a heavy-duty relational database system. PowerDNS with the bind back-end runs in one of two modes: a hybrid mode in which it stores DNSSEC-related configuration in a separate back-end (e.g. MySQL or PostgreSQL)
JAN-PIET MENS :: A SHELL COMMAND TO CREATE JSON: JO A shell command to create JSON: jo. I got tired of attempting to get shell scripts to produce valid JSON. You’ve likely seen something like this before:
JAN-PIET MENS :: CUSTOM CREDENTIALS IN ANSIBLE TOWER/AWX Custom credentials in Ansible Tower/AWX. Let’s assume you want to access a monitoring host from an Ansible play which is launched by Ansible Tower/AWX, and let’s further assume that you require credentials with which to do so. The trivial demonstration play will be this one: You could well use Ansible’s extra_vars with which to do so
JAN-PIET MENS :: DON'T TRY THIS AT THE OFFICE: /ETC/SUDOERS This is highly embarrassing for me to confess, but let me tell you anyway: yesterday afternoon I successfully completed the biggest #fail in my career: I
JAN-PIET MENS :: HOW TO CONFIGURE YOUR BIND RESOLVERS TO One of the more controversial additions to the BIND name server in version 9.8.0 was a feature called Response Policy Zone Rewriting which allows operators of recursive DNS servers (e.g. servers running at your ISP or in your corporate environment) to rewrite answers returned by authoritative DNS servers. (Paul Vixie had spoken about RPZ in Taking Back the DNS mid last year.)
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01which will
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stich of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod getsdeployed.
JAN-PIET MENS :: DELOCK MQTT-ENABLED POWER SOCKET SWITCHES Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by Delock: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost christmas The taller but slimmer plug on the left is the 11827, and the squatter square one on the JAN-PIET MENS :: THE UNIX MAGIC POSTER I understand the classic UNIX Magic poster by Gary Overacre was distributed at past USENIX conferences, and I’ve known of it for years but now in confinement, I’ve decided I want one to hang in my office.. The poster features a white bearded wizard with UNIX related objects around him, for example a spool of thread, a boot, a fork, pipes, and a bunch of containers labeled troff, awk, diff JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nicebig
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily.A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well. JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers where responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen. JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence.I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly JAN-PIET MENS :: CACHING FACTS IN ANSIBLE Optional expiry of cached entries as well as enabling the cache itself is controlled by settings in ansible.cfg: fact_caching = redis fact_caching_timeout = 3600 fact_caching_connection = localhost:6379:0. By default, fact_caching is set to memory. Configuring it as above, makes Ansible use a Redis instance (on the local machine) as its cache. JAN-PIET MENS :: NETWORK-BOOTING MACHINES OVER HTTPSEE MORE ONJPMENS.NET
JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01which will
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stich of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod getsdeployed.
JAN-PIET MENS :: DELOCK MQTT-ENABLED POWER SOCKET SWITCHES Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by Delock: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost christmas The taller but slimmer plug on the left is the 11827, and the squatter square one on the JAN-PIET MENS :: THE UNIX MAGIC POSTER I understand the classic UNIX Magic poster by Gary Overacre was distributed at past USENIX conferences, and I’ve known of it for years but now in confinement, I’ve decided I want one to hang in my office.. The poster features a white bearded wizard with UNIX related objects around him, for example a spool of thread, a boot, a fork, pipes, and a bunch of containers labeled troff, awk, diff JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nicebig
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily.A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well. JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers where responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen. JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence.I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly JAN-PIET MENS :: CACHING FACTS IN ANSIBLE Optional expiry of cached entries as well as enabling the cache itself is controlled by settings in ansible.cfg: fact_caching = redis fact_caching_timeout = 3600 fact_caching_connection = localhost:6379:0. By default, fact_caching is set to memory. Configuring it as above, makes Ansible use a Redis instance (on the local machine) as its cache. JAN-PIET MENS :: NETWORK-BOOTING MACHINES OVER HTTPSEE MORE ONJPMENS.NET
JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01which will
JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers where responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen. JAN-PIET MENS :: ENTROPY: RANDOM DATA FOR DNSSEC Creating DNSSEC keys requires a lot of random data. If you run dnssec-keygen and it appears to hang (particularly when on a virtual machine), the program is actually waiting for entropy (i.e. “randomness”) to be made available in /dev/random. (For dnssec-keygen this can actually be faked, by passing the program a file from which it should consume the random data, but I certainlydon’t
JAN-PIET MENS :: DNS OPEN ZONE DATA root zone. First of all, the root zone is obtainable out of band via the IANA Root Files site, in particular the Root Zone File. If all you need is a list of the 1500 Top-Level Domains get those by themselves. RFC 8806 documents how to run a Root server local to a resolver, in other words, you can easily zone transfer the root zone. JAN-PIET MENS :: STORING GENERIC PASSWORDS IN MACOS' KEYCHAIN Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01 which will contain generic password with. $ security add-generic JAN-PIET MENS :: REVISITING THE POWERDNS "BIND" BACK-END Configured to use the bind back-end, PowerDNS reads zone master files directly off the file system without requiring a heavy-duty relational database system. PowerDNS with the bind back-end runs in one of two modes: a hybrid mode in which it stores DNSSEC -related configuration in a separate back-end (e.g. MySQL or PostgreSQL) JAN-PIET MENS :: A SHELL COMMAND TO CREATE JSON: JO A shell command to create JSON: jo. I got tired of attempting to get shell scripts to produce valid JSON.You’ve likely seen somethinglike this before:
JAN-PIET MENS :: CUSTOM CREDENTIALS IN ANSIBLE TOWER/AWX Custom credentials in Ansible Tower/AWX. Let’s assume you want to access a monitoring host from an Ansible play which is launched by Ansible Tower/AWX, and let’s further assume that you require credentials with which to do so. The trivial demonstration play will be this one: You could well use Ansible’s extra_vars with which todo so
JAN-PIET MENS :: DON'T TRY THIS AT THE OFFICE: /ETC/SUDOERS This is highly embarrassing for me to confess, but let me tell you anyway: yesterday afternoon I successfully completed the biggest #failin my career: I
JAN-PIET MENS :: HOW TO CONFIGURE YOUR BIND RESOLVERS TO One of the more controversial additions to the BIND name server in version 9.8.0 was a feature called Response Policy Zone Rewriting which allows operators of recursive DNS servers (e.g. servers running at your ISP or in your corporate environment) to rewrite answers returned by authoritative DNS servers. (Paul Vixie had spoken about RPZ in Taking Back the DNS mid last year.)JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01which will
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stich of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod getsdeployed.
JAN-PIET MENS :: DELOCK MQTT-ENABLED POWER SOCKET SWITCHES Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by Delock: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost christmas The taller but slimmer plug on the left is the 11827, and the squatter square one on the JAN-PIET MENS :: THE UNIX MAGIC POSTER I understand the classic UNIX Magic poster by Gary Overacre was distributed at past USENIX conferences, and I’ve known of it for years but now in confinement, I’ve decided I want one to hang in my office.. The poster features a white bearded wizard with UNIX related objects around him, for example a spool of thread, a boot, a fork, pipes, and a bunch of containers labeled troff, awk, diff JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily.A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well. JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nicebig
JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers where responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen. JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence.I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly JAN-PIET MENS :: CACHING FACTS IN ANSIBLE Optional expiry of cached entries as well as enabling the cache itself is controlled by settings in ansible.cfg: fact_caching = redis fact_caching_timeout = 3600 fact_caching_connection = localhost:6379:0. By default, fact_caching is set to memory. Configuring it as above, makes Ansible use a Redis instance (on the local machine) as its cache. JAN-PIET MENS :: NETWORK-BOOTING MACHINES OVER HTTPSEE MORE ONJPMENS.NET
JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01which will
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stitch of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod gets deployed.
JAN-PIET MENS :: DELOCK MQTT-ENABLED POWER SOCKET SWITCHES Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by Delock: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost Christmas. The taller but slimmer plug on the left is the 11827, and the squatter square one on the
JAN-PIET MENS :: THE UNIX MAGIC POSTER I understand the classic UNIX Magic poster by Gary Overacre was distributed at past USENIX conferences, and I’ve known of it for years but now in confinement, I’ve decided I want one to hang in my office. The poster features a white bearded wizard with UNIX related objects around him, for example a spool of thread, a boot, a fork, pipes, and a bunch of containers labeled troff, awk, diff
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily. A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well.
JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nice big
JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers were responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen.
JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence. I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly
JAN-PIET MENS :: CACHING FACTS IN ANSIBLE Optional expiry of cached entries as well as enabling the cache itself is controlled by settings in ansible.cfg: fact_caching = redis fact_caching_timeout = 3600 fact_caching_connection = localhost:6379:0. By default, fact_caching is set to memory. Configuring it as above, makes Ansible use a Redis instance (on the local machine) as its cache.
JAN-PIET MENS :: NETWORK-BOOTING MACHINES OVER HTTP
JAN-PIET MENS
Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01 which will
JAN-PIET MENS :: A DIAGRAM TO DEPICT THE DNSSEC CHAIN OF TRUST I’ve yet to come across a diagram showing a DNSSEC chain of trust which I actually like. It took me a long time to design one of my own for my post on CDS/DNSKEY records, but I feel that doesn’t clearly convey the chain I mean. This is my latest creation: The text on the blue connectors is a bit small in this rendition (it says “refers to”) – I might have to tweak that.
JAN-PIET MENS :: TIME TO SOLVE: 10800 SECONDS Time to solve: 10800 seconds. I was asked to assist in debugging a strange issue involving a BIND resolver: seemingly correlating with an upgrade to Debian 10 a while ago, the chaps were reporting that their 9.11.5 BIND resolvers were responding with impossible TTLs on NOERROR/NODATA responses. My answer: nope – can’t happen.
JAN-PIET MENS :: DNS OPEN ZONE DATA root zone. First of all, the root zone is obtainable out of band via the IANA Root Files site, in particular the Root Zone File. If all you need is a list of the 1500 Top-Level Domains get those by themselves. RFC 8806 documents how to run a Root server local to a resolver, in other words, you can easily zone transfer the root zone.
JAN-PIET MENS :: STORING GENERIC PASSWORDS IN MACOS' KEYCHAIN Storing generic passwords in macOS' keychain. I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use them from, say, Shell scripts. From the command line I add an item named myk01 which will contain generic password with. $ security add-generic
JAN-PIET MENS :: A SHELL COMMAND TO CREATE JSON: JO A shell command to create JSON: jo. I got tired of attempting to get shell scripts to produce valid JSON. You’ve likely seen something like this before:
JAN-PIET MENS :: BIND QUERYLOG: KNOW YOUR FLAGS Here are two sample logfile entries, the first from a BIND version in 2011 (when I originally wrote this piece), and the second from a BIND version 9.11.2 server. client 192.168.117.234#53311: view authoritative: query: example.org IN NS -EDC (192.168.36.217) client @0x7fa0d607f200 192.168.1.130#63565 (example.org): view internal:query: query
JAN-PIET MENS :: ENTROPY: RANDOM DATA FOR DNSSEC Creating DNSSEC keys requires a lot of random data. If you run dnssec-keygen and it appears to hang (particularly when on a virtual machine), the program is actually waiting for entropy (i.e. “randomness”) to be made available in /dev/random. (For dnssec-keygen this can actually be faked, by passing the program a file from which it should consume the random data, but I certainly don’t
JAN-PIET MENS :: REVISITING THE POWERDNS "BIND" BACK-END Configured to use the bind back-end, PowerDNS reads zone master files directly off the file system without requiring a heavy-duty relational database system. PowerDNS with the bind back-end runs in one of two modes: a hybrid mode in which it stores DNSSEC-related configuration in a separate back-end (e.g. MySQL or PostgreSQL)
JAN-PIET MENS :: DON'T TRY THIS AT THE OFFICE: /ETC/SUDOERS This is highly embarrassing for me to confess, but let me tell you anyway: yesterday afternoon I successfully completed the biggest #fail in my career: I
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily. A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well.
JAN-PIET MENS :: USING {{ ANSIBLE_MANAGED }} IN ANSIBLE When we originally contributed the {{ ansible_managed }} feature to the Ansible project it was quite rudimentary: the intention was to have a token which would be templated out to ensure people looking at the remote file would keep their paws off it, warning against manual modifications to the file which would be overwritten at the next playbook run.
JAN-PIET MENS :: DNS OPEN ZONE DATA You might also have a bit of fun (and maybe more suggestions) at determining the number of delegated ccTLD from a root zone transfer. Estonia. Jaromir writes to mention Estonia provides their zone via AXFR from @zone.internet.ee, and they document it here. France. Stéphane Bortzmeyer writes to say that AFNIC publish the list of domains for France (); the file you want is called A
JAN-PIET MENS :: DIAL A FOR ANSIBLE AND R FOR RUNNER Ansible Runner is a Python library and utility which helps interfacing with Ansible playbook runs and also supports running ad-hoc commands and individual roles. It is used in AWX/Tower as the basis for executing playbooks, and I assume it grew from the original ansible.runner code, but I don’t have evidence. I discovered Ansible Runner (hereafter: Runner) about two years ago but mainly
JAN-PIET MENS :: CUSTOM CREDENTIALS IN ANSIBLE TOWER/AWX Custom credentials in Ansible Tower/AWX. Let’s assume you want to access a monitoring host from an Ansible play which is launched by Ansible Tower/AWX, and let’s further assume that you require credentials with which to do so. The trivial demonstration play will be this one: You could well use Ansible’s extra_vars with which to do so
JAN-PIET MENS :: REVISITING THE POWERDNS "BIND" BACK-END Configured to use the bind back-end, PowerDNS reads zone master files directly off the file system without requiring a heavy-duty relational database system. PowerDNS with the bind back-end runs in one of two modes: a hybrid mode in which it stores DNSSEC-related configuration in a separate back-end (e.g. MySQL or PostgreSQL)
JAN-PIET MENS :: TRACKING DHCP LEASES (DNSMASQ) Tracking DHCP leases (dnsmasq) I use dnsmasq as part of the DNSSEC Appliance at Casa Mens, and I had it use a Lua script to notify me when a new DHCP lease is issued. (You may recall that Simon Kelly integrated Lua into dnsmasq two years ago.) That’s all fine and dandy, but I often need to check back which lease was issued.
JAN-PIET MENS :: HOW TO CONFIGURE YOUR BIND RESOLVERS TO One of the more controversial additions to the BIND name server in version 9.8.0 was a feature called Response Policy Zone Rewriting which allows operators of recursive DNS servers (e.g. servers running at your ISP or in your corporate environment) to rewrite answers returned by authoritative DNS servers. (Paul Vixie had spoken about RPZ in Taking Back the DNS mid last year.)
JAN-PIET MENS :: CONFIGURE SSH PROXYCOMMAND FOR ANSIBLE The magic is in tower_extra_volumes which sources the secrets created earlier, and tower_task_extra_volume_mounts which creates the actual bind-mount from the secrets. I’ve not found a stitch of documentation on this; either term produces two google hits; quite the record. So, I then apply this configuration, and watch how the new pod gets deployed.
JAN-PIET MENS :: ANONYMOUS FTP SERVER ON OPENBSD I’ve been building a few packages for OpenBSD, and being a lazy sort, I thought I’d set up an anonymous FTP server via which the machines I’m working on (the builder and the pristine test candidate) can talk to each other easily. A Web server or an SSH server would have been equally suitable, as the OpenBSD package tools support the HTTP, HTTPS, and SCP URL schemes as well.
JAN-PIET MENS :: USING A SMARTCARD HSM FOR DNSSEC WITH I’ve been thinking a bit about affordable hardware security modules (HSM); affordable is relative so I’ll start with “inexpensive”, and I recall I had mixed experiences with a very small HSM I purchased six years ago. I am curious to see whether I’m now able to wire up the CardContact SmartCard HSM to some Open Source DNS servers and whether the experience has improved.
JAN-PIET MENS :: DNS OPEN ZONE DATA You might also have a bit of fun (and maybe more suggestions) at determining the number of delegated ccTLD from a root zone transfer. Estonia. Jaromir writes to mention Estonia provides their zone via AXFR from @zone.internet.ee, and they document it here. France. Stéphane Bortzmeyer writes to say that AFNIC publish the list of domains for France (); the file you want is called A
JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME An iOS app update that really annoys me. Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the expense. I set up a few categories and from then on tapped a Euro value into the app single-handedly (nice big
JAN-PIET MENS :: CACHING FACTS IN ANSIBLE One of the first steps in an Ansible playbook run (unless you explicitly disable it) is the gathering of facts via the setup module. These facts are collected on each machine and were kept in memory for the duration of the playbook run before being destroyed.
JAN-PIET MENS :: WHO AM I? I am an independent technical consultant specializing in UNIX & Linux, interoperability, Internet technology and integration. I’m quite proficient in all things UNIX/Linux, and I typically program in C and Python, and I’ve been known to produce workable code in COBOL (but that was a long time ago). JAN-PIET MENS :: DNS OPEN ZONE DATA You might also have a bit of fun (and maybe more suggestions) at determining the number of delegated ccTLD from a root zone transfer.. Estonia. Jaromir writes to mention Estonia provides their zone via AXFR from @zone.internet.ee, and they document it here.. France. Stéphane Bortzmeyer writes to say that AFNIC publish the list of domains for France (); the file you want is called A JAN-PIET MENS :: AN IOS APP UPDATE THAT REALLY ANNOYS ME Almost a year ago I started using a delightful little iOS app called Receipt Box. It did exactly what I wanted: I could tap in an expense and a category, and the app added a geo location to the exp JAN-PIET MENS :: STORING GENERIC PASSWORDS IN MACOS' KEYCHAIN I tend to overlook this frequently, so as a note to self, it’s possible to store arbitrary passwords or secrets in the macOS keychain, so as to use JAN-PIET MENS :: CREATING A SIMPLE PYTHON PIP REPOSITORY I wanted the simplest (i.e. most lightweight) possible repository capable of serving packages in such a way as that Python’s pip would be able to install them. These notes are so that I JAN-PIET MENS :: CUSTOM CREDENTIALS IN ANSIBLE TOWER/AWX Let’s assume you want to access a monitoring host from an Ansible play which is launched by Ansible Tower/AWX, and let’s furtherassume that you
RFC 5011 WITH OPENDNSSEC, BIND, AND UNBOUND DNSSEC uses keys with which it signs DNS records, and there is a school of thought which suggests DNSSEC keys should be rolled (i.e. re-created) every once JAN-PIET MENS :: REVISITING THE POWERDNS "BIND" BACK-END I’ve been doing a lot of work with and testing of the PowerDNS authoritative DNS server lately, and I must say I quickly tire at having to create new zones in its MySQL back-end database. Yes, I can and do use the PowerDNS API or nsedit for that as well as trivial shell scripts, but I remain an aficionado of command-line utilities such as cp and vi for zone file maintenance. JAN-PIET MENS :: TRACKING DHCP LEASES (DNSMASQ) I use dnsmasq as part of the DNSSEC Appliance at Casa Mens, and I had it use a Lua script to notify me when a new DHCP lease is issued. (You may recall that Simon Kelly integrated Lua into dnsmasq two years ago.) That’s all fine and dandy, but I often need to check back which lease was issued. I can do that by logging onto DAP to find the leases file, but that’s cumbersome. JAN-PIET MENS :: HOW TO CONFIGURE YOUR BIND RESOLVERS TO One of the more controversial additions to the BIND name server in version 9.8.0 was a feature called Response Policy Zone Rewriting which allows operators of recursive DNS servers (e.g. servers running at your ISP or in your corporate environment) to rewrite answers returned by authoritative DNS servers. (Paul Vixie had spoken about RPZ in Taking Back the DNS mid last year.)*
* IPv6
*
* Search
* Pages
* Archives
* @jpmens
* About
* Support
JAN-PIET MENS
DELOCK MQTT-ENABLED POWER SOCKET SWITCHES

Via Kristian came a link to two MQTT-capable and HTTP-enabled power socket switches by _Delock_: one goes by the model number 11826, and the second is called 11827 and includes energy monitoring. I ordered one of each as it’s been a while since I toyed with stuff, and after all it is almost Christmas…

The taller but slimmer plug on the left is the 11827, and the squatter square one on the right the 11826. They look rather nice, and both have a button inset next to a minuscule LED. A touch of the button flicks the switch itself and, depending on how long and how often it is pressed, can trigger Over The Air (OTA) updates of the firmware and reset the device to factory settings, and all manner of other things.

The included leaflet is sufficient to get started. Plugging the device into mains has it create a WiFi access point I connect to, and I can then configure it to connect to my home network. The Tasmota firmware spoke German to me all the time, and the only reason I can think of, as my browsers are all set to English, is that it was built that way for delivery here. Ronald confirms that and explains I can flash the device with an en firmware from here (I pasted the link to tasmota.bin into the firmware update page).

Once I enter the information for my WiFi router, the device reboots. This is the moment I switch the phone back to my environment and access the device again via its new IP address. From the device’s Web UI I can switch the power on or off. I can also switch the load via HTTP (I think it’s the first time I see the word “command” abbreviated to “cmnd”, and this could have been a PUT or at least a POST request, but I suppose it doesn’t matter.)
$ curl "http://192.168.1.167/cm?cmnd=Power%20toggle"
{"POWER":"ON"}

$ curl -d POWER=TOGGLE "http://192.168.1.167/cm"
{"WARNING":"Befehl eingeben cmnd="}

The documented “Extra feature” of using cmnd=Strom in the German language doesn’t work.

The next was setting up MQTT, pretty easy if you’ve done this before, which I have. :-) I configured host, port, username, and password, as well as clientID and topic branch, which ended up being lamp/11826/%prefix%/%topic%/; the device fills in %prefix% and, by default, replaces %topic% with the word “delock”. I found that bit of UI to be a bit confusing, but clarity ensued when I booted the device:

$ mosquitto_sub -v -t 'lamp/#'
lamp/11826/tele/delock/LWT Online
lamp/11826/cmnd/delock/POWER (null)
lamp/11826/tele/delock/INFO1 {"Module":"Delock 11826v1","Version":"6.7.1(basic)","FallbackTopic":"cmnd/DVES_D8E724_fb/","GroupTopic":"donoffs"}
lamp/11826/tele/delock/INFO2 {"WebServerMode":"Admin","Hostname":"delock-1828","IPAddress":"192.168.1.167"}
lamp/11826/tele/delock/INFO3 {"RestartReason":"Software/System restart"}
lamp/11826/stat/delock/RESULT {"POWER":"ON"}
lamp/11826/stat/delock/POWER ON

The LWT topic is retained and indicates whether the device is online; the actual last will and testament payload is the string Offline, the value shown when the device goes offline.

If I had actually _read_ those messages I might have seen “GroupTopic”, but I’m not sure I would have actually understood what it does. Instead I resorted to setting the device to do syslog and found out which topics the device subscribes to (“abonniere” is “I’m subscribing” in German). I could also have seen the subscribes in the MQTT broker logs:

delock-1828 ESP-HTP: Web-Server aktiv bei delock-1828.local mit IP-Adresse 192.168.1.167
delock-1828 ESP-UPP: Multicast (wieder-)verbunden
delock-1828 ESP-NTP: Drift 0, (UTC) Sun Nov 22 13:10:55 2020, (DST) Sun Mar 29 02:00:00 2020, (STD) Sun Oct 25 03:00:00 2020
delock-1828 ESP-UPP: Multicast deaktiviert
delock-1828 ESP-MQT: Verbindungsversuch...
delock-1828 ESP-MQT: verbunden
delock-1828 ESP-MQT: lamp/11826/tele/delock/LWT = Online (beibehalten)
delock-1828 ESP-MQT: lamp/11826/cmnd/delock/POWER =
delock-1828 ESP-MQT: abonniere lamp/11826/cmnd/delock/#
delock-1828 ESP-MQT: abonniere lamp/11826/cmnd/donoffs/#
delock-1828 ESP-MQT: abonniere cmnd/DVES_D8E724_fb/#
delock-1828 ESP-MQT: lamp/11826/tele/delock/INFO1 = {"Module":"Delock 11826v1","Version":"6.7.1(basic)","FallbackTopic":"cmnd/DVES_D8E724_fb/","GroupTopic":"donoffs"}
delock-1828 ESP-MQT: lamp/11826/tele/delock/INFO2 = {"WebServerMode":"Admin","Hostname":"delock-1828","IPAddress":"192.168.1.167"}
delock-1828 ESP-MQT: lamp/11826/tele/delock/INFO3 = {"RestartReason":"Fatal exception:9 flag:2 (EXCEPTION) epc1:0x40105590 epc2:0x00000000 epc3:0x00000000 excvaddr:0x000

See that crash report in the last line? The device kept crashing and rebooting until I reconfigured its _syslog_ report to “info” down from “debug”.

So, with the topics available, I can now switch the lamps on, off, or toggle their status. I’m indicating this here with pub for publish and sub for what I get when subscribed to the specific topic:

pub lamp/11826/cmnd/donoffs/POWER -m TOGGLE
sub lamp/11826/stat/delock/RESULT {"POWER":"ON"}
sub lamp/11826/stat/delock/POWER ON

Every five minutes, the device reports state at lamp/11826/tele/delock/STATE:

{
  "Time": "2020-11-22T14:21:45",
  "Uptime": "0T00:10:16",
  "UptimeSec": 616,
  "Vcc": 3.466,
  "Heap": 26,
  "SleepMode": "Dynamic",
  "Sleep": 50,
  "LoadAvg": 19,
  "MqttCount": 1,
  "POWER": "ON",
  "Wifi": {
    "AP": 1,
    "SSId": "my-wifi",
    "BSSId": "01:01:01:01:AB:CD",
    "Channel": 6,
    "RSSI": 88,
    "LinkCount": 1,
    "Downtime": "0T00:00:05"
  }
}
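The subscriptions in the syslog output above are the complete set of topics on which the switch accepts commands, and one of them (the FallbackTopic) lies outside the configured lamp/11826/ branch. As an added example that is not part of the original post, this Python sketch parses those lines and derives Mosquitto acl_file entries in which only a controller account may publish commands; the user names delock-11826 and controller are assumptions.

```python
import json
import re

# Constructed sample: lines copied from the device's syslog output in the post.
BOOT_LOG = [
    "delock-1828 ESP-MQT: verbunden",
    "delock-1828 ESP-MQT: lamp/11826/tele/delock/LWT = Online (beibehalten)",
    "delock-1828 ESP-MQT: lamp/11826/cmnd/delock/POWER = ",
    "delock-1828 ESP-MQT: abonniere lamp/11826/cmnd/delock/#",
    "delock-1828 ESP-MQT: abonniere lamp/11826/cmnd/donoffs/#",
    "delock-1828 ESP-MQT: abonniere cmnd/DVES_D8E724_fb/#",
    'delock-1828 ESP-MQT: lamp/11826/tele/delock/INFO1 = {"Module":"Delock 11826v1",'
    '"Version":"6.7.1(basic)","FallbackTopic":"cmnd/DVES_D8E724_fb/",'
    '"GroupTopic":"donoffs"}',
]
FULL_TOPIC = "lamp/11826/%prefix%/%topic%/"  # topic branch configured in the post
TOPIC = "delock"                             # the device's default %topic%
INFO1 = "lamp/11826/tele/delock/INFO1"

SUB_RE = re.compile(r"ESP-MQT: abonniere (\S+)\s*$")
PUB_RE = re.compile(r"ESP-MQT: (\S+) =\s?(.*)$")


def parse_boot_log(lines):
    """Return (subscription filters, {published topic: payload})."""
    subs, pubs = [], {}
    for line in lines:
        sub = SUB_RE.search(line)
        if sub:
            subs.append(sub.group(1))
            continue
        pub = PUB_RE.search(line)
        if pub:
            pubs[pub.group(1)] = pub.group(2)
    return subs, pubs


def classify(subs, info):
    """Label each command subscription using the INFO1 payload."""
    kinds = {}
    for flt in subs:
        last_level = flt[:-2].split("/")[-1]   # level just before "/#"
        if flt.startswith(info["FallbackTopic"]):
            kinds[flt] = "fallback"
        elif last_level == info["GroupTopic"]:
            kinds[flt] = "group"
        else:
            kinds[flt] = "device"
    return kinds


def outside_branch(subs, full_topic):
    """Command subscriptions that do not live under the configured branch."""
    root = full_topic.split("%", 1)[0]         # "lamp/11826/"
    return [flt for flt in subs if not flt.startswith(root)]


def build_acl(device_user, controller_user, subs, pubs):
    """acl_file text: the device reads commands, only the controller writes them."""
    trees = [FULL_TOPIC.replace("%prefix%", p).replace("%topic%", TOPIC) + "#"
             for p in ("tele", "stat")]
    # Topics the device was seen publishing that the tele/stat trees miss.
    extra = sorted(t for t in pubs
                   if not any(t.startswith(tree[:-1]) for tree in trees))
    acl = [f"user {device_user}"]
    acl += [f"topic read {flt}" for flt in subs]
    acl += [f"topic write {t}" for t in trees + extra]
    acl += ["", f"user {controller_user}"]
    acl += [f"topic write {flt}" for flt in subs]
    acl += [f"topic read {tree}" for tree in trees]
    return "\n".join(acl) + "\n"


if __name__ == "__main__":
    subs, pubs = parse_boot_log(BOOT_LOG)
    for flt, kind in classify(subs, json.loads(pubs[INFO1])).items():
        print(f"{kind:9} {flt}")
    print("outside configured branch:", outside_branch(subs, FULL_TOPIC))
    print(build_acl("delock-11826", "controller", subs, pubs))
```

The fallback subscription is the one a subscriber watching only 'lamp/#' never sees, so it is the entry most easily forgotten when writing broker ACLs by hand.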
Let’s plug in the 11827 with energy monitor and do the same setup. Immediately on its Web-based home page I see the energy consumption of the small test lamp I’ve plugged into it:

After a short time the device publishes to lamp/11827/tele/delock/SENSOR:

{
  "Time": "2020-11-22T15:20:42",
  "ENERGY": {
    "TotalStartTime": "2020-11-22T15:12:39",
    "Total": 0.003,
    "Yesterday": 0,
    "Today": 0.003,
    "Power": 28,
    "ApparentPower": 28,
    "ReactivePower": 0,
    "Factor": 1,
    "Voltage": 233,
    "Current": 0.12
  }
}
Last, but possibly not least, is a scheduler (think cron(8)) with up to sixteen timers. Each timer can switch the load on or off, or toggle its state and blink it (we might not want to do that with most loads). I can specify days of the week at which this should occur, a particular time or let it do its thing at sunrise or sundown, and even set a random fudge factor of up to +- 15 minutes to pretend the schedule is not a schedule. When the schedule fires, I get a POWER ON/OFF published to MQTT, but I’m not told it’s due to the schedule, which could be a nice thing to have.

I can type commands into the Web UI to set, e.g. dark mode, and there’s a list of valid MQTT commands on the Tasmota pages.

All in all, apart from the documentation which is very minimal, these little devices are quite nice and do what they’re supposed to do. Once again, I don’t believe WiFi is the correct carrier for doing this kind of thing (what do I do if I have to or want to change the WiFi password, eh?), but at this price, no complaints. Oh, the price? I paid EUR 17.14 for the 11826 and EUR 19.90 for the 11827 with energy monitoring, about a third of what the nice Fibaro switches cost me back then.
FURTHER READING
* Gonzague reminds me of the Shelly modules.
UPDATES
* Thanks to @J3Gr_ who teaches me how to configure the device’s template after reflashing it OTA with the stock (9.1.0) tasmota.bin:

> Did the following: took the bin from official tasmota OTA, flashed,
> after flashing the template seemed resetted, go to
> https://templates.blakadder.com/delock_11827.html and took the
> template string, inserted into UI, save and done.

For posterity, the template string is {"NAME":"Delock 11827","GPIO":,"FLAG":0,"BASE":53}

* I discover I can publish a command Webserver with parameter 1 (user mode) or 2 (admin mode) which hides/shows the full UI. In user mode I see the Toggle button on the UI only. The Webserver mode is persistent. (Warning: 0 disables the Web server entirely.)

MQTT, HTTP, DIY, and home automation :: 22 Nov 2020

“solutions”.
Joplin has three features which convinced me to adopt it:

* WebDAV as one of the supported cloud services
* Clients for macOS, iOS, and Android
* Markdown syntax for the notes

In addition to different methods for importing and exporting data (I wouldn’t want to lock myself in, would I now), Joplin has an API. It is enabled by launching Joplin’s _Web Clipper_ service via its preferences and listens for HTTP requests on port 41184 by default. The preference page also lists the _token_ required for accessing the API.

TWEETS IN JOPLIN

For a long time I’ve wanted to be able to collect specific tweets in my notes, and I thought I’d use the API to do so. The Python program can surely be improved upon, but it works well for what I want it to do. I give it a URL to an individual tweet (it could also go through my favorites, but I don’t necessarily want only favorites), and the utility uses Tweepy to grab the status’ text, downloads its images and uploads these as so-called _resources_ to Joplin, and then creates a new note. The Markdown of the note has image links to Joplin’s _resources_.

The screenshots show the result: above on macOS, below on iOS.

Joplin’s been very reliable so far, and I hope that doesn’t change with me battering it this way. Updating Joplin is a bit cumbersome on macOS because I have to download and install a .dmg which I then allow macOS to launch, but I can live with that.

notes and api :: 09 Oct 2020
using them as fodder in an application students have to set up, and I decided to use the same data set in an exercise for an advanced Ansible training we’re developing. The problem with the data I had is that I was about 97.2% sure that I was permitted to use it, but there wasn’t a really clear license associated with it. I’ve meanwhile found OurAirports; they provide a public domain data set, and on the weekend I had a bit of fun with it.

First I wrote an HTTP airport data server which will be running on lab machines. Students will be tasked with the assembly of an Ansible _lookup plugin_ to obtain data from that server for use in templates. (I should probably clarify that my trainings are designed to run without a connection to the Internet – there have been a number of occasions when I’ve had to give trainings in environments which just do not permit their users to use such resources, hence the local service.)

vars:
  fra: "{{ lookup('airport', 'fra') }}"
tasks:
  - debug: var=fra

TASK ************************************************************************
ok: => {
    "fra": {
        "cc": "DE",
        "city": "Frankfurt am Main",
        "iata": "FRA",
        "id": "2212",
        "lat": "50.033333",
        "lon": "8.570556",
        "name": "Frankfurt am Main Airport",
        "osm": "https://openstreetmap.org/?mlat=50.033333&mlon=8.570556&zoom=12",
        "type": "large_airport"
    }
}
JUST PUT IT IN THE DNS!

I thought it’d be amusing to provide the public domain data via the DNS, so I did just that. Each airport has a couple of TXT and a LOC record associated with it. The domain name is the 3-letter IATA code:

$ dig +short BCN.air.jpmens.net TXT
"cc:ES; m:Barcelona; t:large, n:Barcelona International Airport"

$ dig +short BCN.air.jpmens.net LOC
41 17 49.560 N 2 4 42.456 E 4.00m 1m 10000m 10m

We also provide a URI which loads an OpenStreetMap.org map to the correct location, and if it’s in the source data, a URI to the Wikipedia page:

$ dig +short CDG.air.jpmens.net URI
10 1 "https://openstreetmap.org/?mlat=49.012798&mlon=2.55&zoom=12"
10 2 "https://en.wikipedia.org/wiki/Charles_de_Gaulle_Airport"

You can obtain the IATA codes indexed by city, providing you spell it as OurAirports has, and in addition to IDNA names I’ve un-unicoded the names, so Münster becomes “munster”, and Tromsø becomes “tromso”. Query the domain for TXT records for the city:

$ dig +short PARIS.air.jpmens.net TXT
"PHT," "PRX," "LBG," "CDG," "ORY"

I generate a file with resource records I then $INCLUDE into a zone master file, and I’m making this zone data file available in this repository for self-hosting. Do tell me if you use it, and I’ll add a pointer to your DNS server if you like.

I assume the data is relatively static (who is building airports nowadays – even BER has been completed but marked “closed”), but if we should notice it’s very volatile we can easily add dynamic DNS updates to update the DNS on the fly.

Whether this is useful is in the eye of the beholder. I can say that I quite frequently use my country-code lookup service in the DNS.

$ dig +short JP.cc.jpmens.net TXT
"JAPAN"
So, have I now finally earned myself this mug? As usual, do talk to me if you have ideas for improvement.

UPDATES

* Standing on the shoulders of a giant, I’ve added support for IDNA in the city to IATA mappings; use a client which has IDNA support to query for “düsseldorf”
* Mentioned on Stéphane Bortzmeyer’s on peut tout mettre dans le DNS, même les codes postaux.
* Oli Schacher whipped up a service which provides the locations of postal codes in Switzerland via the DNS in the zone zipdns.ch, e.g. via the looking glass:
* Inspired by Stéphane’s and Oli’s work on zip codes, I’ve set up an additional zone with forward/reverse lookups of zip codes in Germany (Postleitzahlen), based on publicly available data.

$ dig PASSAU.zipde.jpmens.net TXT
;; ANSWER SECTION:
PASSAU.zipde.jpmens.net. 604800 IN TXT "94036"
PASSAU.zipde.jpmens.net. 604800 IN TXT "94034"
PASSAU.zipde.jpmens.net. 604800 IN TXT "94032"

$ dig 94034.zipde.jpmens.net TXT
;; ANSWER SECTION:
94034.zipde.jpmens.net. 604800 IN TXT "Passau"

* Florian ~~blames me~~ became inspired by what we all did here, and he built a zone which currently holds 200,000 entries in PowerDNS with UN/LOCODE. Florian and his colleagues use these codes to name anycast instances of k-root as IATA codes are too coarse for their purposes.

$ dig +short nl-ams.locode.sha256.net LOC
52 24 0.000 N 4 49 0.000 E 0.00m 1m 10000m 10m

$ dig +short nl-ams.locode.sha256.net TXT
"Amsterdam, NL"
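A client consuming these zones has to turn the TXT and LOC record data shown in the dig output into usable values. The following Python parser is an added example, not code from the post or its repository; the sample strings are copied from the dig output above, and the meaning of the TXT keys is left uninterpreted because the post does not define them.

```python
import re

# Constructed sample: record data as printed by the dig commands in the post.
BCN_TXT = '"cc:ES; m:Barcelona; t:large, n:Barcelona International Airport"'
BCN_LOC = "41 17 49.560 N 2 4 42.456 E 4.00m 1m 10000m 10m"
AMS_LOC = "52 24 0.000 N 4 49 0.000 E 0.00m 1m 10000m 10m"
PARIS_TXT = '"PHT," "PRX," "LBG," "CDG," "ORY"'

# Fields are separated by ';' (or ',' as in the sample) before a short "key:".
# Requiring the key in the lookahead keeps commas inside values intact.
FIELD_SEP = re.compile(r"[;,]\s*(?=[a-z]{1,2}:)")


def parse_airport_txt(rdata):
    """Split 'cc:ES; m:...; t:large, n:...' into a dict of key -> value."""
    fields = {}
    for part in FIELD_SEP.split(rdata.strip().strip('"')):
        key, sep, value = part.partition(":")
        if not sep:
            raise ValueError(f"field without key: {part!r}")
        fields[key.strip()] = value.strip()
    return fields


def parse_city_txt(rdata):
    """Turn the multi-string city answer into a list of IATA codes."""
    return [s.rstrip(",") for s in re.findall(r'"([^"]*)"', rdata)]


def _coordinate(tokens, positive, negative, limit):
    """Consume 'deg [min [sec]] HEMISPHERE' and return signed decimal degrees."""
    parts = []
    while tokens and tokens[0] not in (positive, negative):
        parts.append(float(tokens.pop(0)))     # ValueError on non-numeric input
    if not tokens or not 1 <= len(parts) <= 3:
        raise ValueError("malformed LOC coordinate")
    hemisphere = tokens.pop(0)
    deg, minutes, seconds = parts + [0.0] * (3 - len(parts))
    value = deg + minutes / 60 + seconds / 3600
    if min(parts) < 0 or minutes >= 60 or seconds >= 60 or value > limit:
        raise ValueError("LOC coordinate out of range")
    return -value if hemisphere == negative else value


def parse_loc(rdata):
    """Convert LOC presentation format to (lat, lon, altitude in metres)."""
    tokens = rdata.split()
    lat = _coordinate(tokens, "N", "S", 90)
    lon = _coordinate(tokens, "E", "W", 180)
    if not tokens:
        raise ValueError("LOC record without altitude")
    return lat, lon, float(tokens[0].rstrip("m"))


if __name__ == "__main__":
    print(parse_airport_txt(BCN_TXT))
    print(parse_city_txt(PARIS_TXT))
    print(parse_loc(BCN_LOC))
    print(parse_loc(AMS_LOC))
```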
All these zones we speak of here are DNSSEC signed.

DNS and ansible :: 04 Oct 2020

almost exactly six years ago.
ansible_managed | {{ ansible_managed }}
template_host | {{ template_host }}
template_uid | {{ template_uid }}
template_path | {{ template_path }}

The output from this template was something like

ansible_managed | Ansible managed: /tmp/a/input.j2 modified on 2020-09-29 14:12:44 by jpm on rabbit.ww.mens.de
template_host | rabbit.ww.mens.de
template_uid | jpm
template_path | /tmp/a/input.j2

The {{ ansible_managed }} variable was (and still is) configurable via the ansible.cfg mechanisms, and I recall spending quite some time on the time stamp feature, i.e. the modification timestamp of the source template on the controller. It was meant to change on the target only when the source template was modified. All was fine and dandy. I thought.

Years later somebody noticed that there are cases, particularly when using _git_, when the timestamp of the source changes involuntarily. This, in my opinion unfortunately, caused the project to change the default handling of {{ ansible_managed }} to henceforth output the string Ansible managed only – rather boring. :-)

As mentioned above, we originally made the string configurable, so it’s easy enough to adapt the value to almost anything users want. Here’s the top of my .ansible.cfg showing how the source template file’s modification timestamp is formatted with strftime(3) tokens:

[defaults]
nocows = 1
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}

The other tokens are {file} which contains the full path to the source template, {host} which is the controller’s hostname, and {uid}, the owner name of the source template. There might well be problems with this format on some VCS or remote file system, and quite a few issues have been reported, so configure it as you wish. A different language? Why not?

ansible_managed = Cambiado por {uid}

Meanwhile, certain deprecations reportedly suggested by developers include

* {host} should expand to the inventory hostname rather than the controller hostname
* {file} should expand to the destination file rather than the template file.

both of which quite definitely are not the intended behaviour, on the contrary: if I’m looking at the templated file on the remote node, I _know_ on which host I am, and I _know_ the name of the file! I want to know where the file came _from_, which is why we designed it thusly.

I still believe {{ ansible_managed }} is a good idea, and as it’s configurable, we can all use it as we wish, and I for one, hope the variable won’t be removed.

Happy templating!
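Why a moving source timestamp matters can be shown by expanding the configured string by hand. This Python sketch is an added illustration, not Ansible's implementation: it expands the {file}, {uid} and {host} tokens and the strftime(3) tokens for two modification times of an unchanged template and compares checksums of the resulting file; the helper names and the template body are assumptions.

```python
import calendar
import hashlib
import time

# The ansible_managed setting from the .ansible.cfg shown in the post.
MANAGED = ("Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S "
           "by {uid} on {host}")
# Values from the sample output in the post.
SOURCE = ("/tmp/a/input.j2", "jpm", "rabbit.ww.mens.de")
MTIME = calendar.timegm((2020, 9, 29, 14, 12, 44))


def render_managed(fmt, path, uid, host, mtime):
    """Expand {file}/{uid}/{host}, then the strftime tokens for the template's
    modification time (UTC here so that the result is reproducible)."""
    # Escape '%' in substituted values so strftime does not reinterpret them.
    values = {"file": path, "uid": uid, "host": host}
    safe = {k: v.replace("%", "%%") for k, v in values.items()}
    return time.strftime(fmt.format(**safe), time.gmtime(mtime))


def rendered_checksum(header, body):
    """Checksum of the file as it would be written on the target."""
    return hashlib.sha256(f"# {header}\n{body}".encode()).hexdigest()


def changed_by_mtime_only(fmt, body, old_mtime, new_mtime):
    """True if a new source mtime alone alters the deployed file."""
    before = rendered_checksum(render_managed(fmt, *SOURCE, old_mtime), body)
    after = rendered_checksum(render_managed(fmt, *SOURCE, new_mtime), body)
    return before != after


if __name__ == "__main__":
    body = "listen_port = 8080\n"   # constructed template body
    print(render_managed(MANAGED, *SOURCE, MTIME))
    # A fresh checkout rewrites the file one hour later without editing it.
    print(changed_by_mtime_only(MANAGED, body, MTIME, MTIME + 3600))
    print(changed_by_mtime_only("Ansible managed", body, MTIME, MTIME + 3600))
```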
UPDATES

Somebody asked on Mastodon how they could add the last git commit to this variable. It’s not possible to append to {{ ansible_managed }} without modifying the code, but a _lookup plugin_ in the template does the trick:

# {{ ansible_managed }}
# commit: {{ lookup('pipe', 'git rev-parse --short HEAD') }}

ansible :: 29 Sep 2020

IT USED TO BE SIMPLER TO TEACH

When I began teaching Unix around anno 1986, the Unix ls(1) utility printed a list of files to _stdout_, one per line. It was trivial to explain the concept of not requiring a program which tells you how many files you have in a directory:

> you have a program which outputs one file name per line, and you
> have another program which counts lines of input; if you combine the
> output of the first with the input of the second via a _pipe_ you
> get the information you want

This simple idea became a bit more cumbersome to explain when ls changed its default behaviour to output file names in multi-column format: students understandably didn’t immediately realize that ls was playing tricks with isatty(3) when they invoked the program in a shell. Of course not, how should they? Sure, we then showed the effect with ls -1 at a terminal, and demonstrated with ls | cat, etc., but it just wasn’t the same. (At the time I changed from using ls to who(1) – easy to do because these were multi-user systems, and the examples made sense.)

Why do I mention this? Today in some versions of Linux ls puts single quotes around file names which contain white space, likely in order to have those paths easier to copy and paste, but it does so only if !isatty(). I’m not a great fan of changing a program’s well-known behaviour, especially in a case such as with GNU ls which already uses an environment variable for coloring output; it would likely have been easy to augment that for the file name quoting.

It used to be simpler to teach. (But I don’t really teach Unix beginners any more.) :-)

UPDATES

* I learn from Quoting File names that this behavior was introduced in 2016 already; I’d not noticed, probably because I typically don’t embed spaces in filenames.
* Quite a few interesting comments on Hacker news.
* Somebody also submitted this to Lobste.rs.
Unix :: 27 Sep 2020