Work

xrayspx's picture

Thanks Again AT&T


-- this was an email I wrote but I just pasted it here instead so it's...emailey

I just totally assumed that this is exactly what happened and started writing, but then I looked it up and I'm really happy that reality is exactly how I imagined it.

In 1922 AT&T standardized the 19" rack with 1.75" RU modules, generally now 42u or 45u high, but obviously, sky's the limit with those early switches.

But there were admins, just like me, in the '20s and '30s who now supported literal TONS of hardware in 19" racks bolted to their floor. Oh, new smaller super switch comes out? Good. Fits my 19" racks, thanks AT&T.

Then one day, hey, who're these IBM guys rolling shit in here?  What is that some calculator doodad?  Yeah, whatever, 19" racks, bolted to my floor. Figure it out.

Oh it's the '40s and you're building some whiz-bang tubemajigga to make your bombs boom bigger. Yeah take your insane death machine and get it in the 19" racks bolted to my floor.

That's not to say that IBM and DEC didn't build shit that didn't fit in a rack, but they at least respected the aisle depth and their cabinets were often just extra-roomy 19" racks bolted together. A lot of times I think the internal components bolted into internal 19" racks. *

'90s? Where'd these DotCom weenies come from and why did they just rent the whole datacenter? They're building their shit into desktop machines? Who fuckin' cares, make 'em cram it in that 19" rack.  **

I just love that AT&T did that, and that generations of asshole Operations Guys like me have made everyone adhere to it for 100 years.

Let's hope Skynet gets why it's trapped in 19" racks forever.  Sorry, assholeGPT I don't make the rules. ***

 

* There was a small IBM zSeries that was constantly in my way at C&W in Bermuda. I would alternate between tripping over it and using it as a standing desk and storage rack. I don't know what bank owned that stupid thing but I'm sad to say I never spilled anything in it.  There was a very leaky AC duct right in front of that machine that I always whacked my head on too, so it totally would have looked like an accident.

 

** I did this.  Some customer of mine in 2000 rented /open/ rack space like by the RU from what was at the time Boston Datacenters, in the Charlestown Hood plant.  That was some sketchy as frig shit.  Literally their two stupid desktop machines with their beta version PCI card based load balancers.  Phobos.  Utah.  I think.  Look it up.

 

*** Just occurred to me writing that that I literally watched Jeeves get shot in the face and dragged out behind the dumpster.  There were several dozen racks one week, all gone the next from AT&T in Billerica.  Matlab was also there with racks and racks of Xserves.  Wonder how that investment paid off.  I think it was all for QA automation running lots of desktop instances or something.

 

 

And you wanted to be my latex salesman

For a brief moment I considered wiping one of these decommed Netscalers and using it to replace a Raspberry Pi for "around the house" tasks.

Well not with a sound like that mister. You're going back in the barn:

Two Step Remote Assistance Tool

My mom has a Mac, and occasionally something will fuck up in a way that is best fixed by me having some control over her machine.  I had one of those cases last week and it was embarrassing that there was no good way for me to get remote access.  Google Meet doesn't cut it, and there's a whole other Chrome Remote Desktop app, but that was a lot of hoops to install and I gave up any hope of walking my mother through the install process.


Search for Certificates on Windows Systems

Music: 

Nine Inch Nails - Broken

Here are a lot of words about what's essentially a one-line CMD + PowerShell script...

I've recently run into a situation where a trusted root certificate authority certificate was missing from several Windows systems in multiple locations and domains. This was causing an issue with automation which reached out to a site which had a certificate signed by that CA. I can see a good use case for this if an organization has their own CA and needs to verify that all endpoints have that CA certificate in their trust store for example.

Mac Classic - First Impression

"Works As Intended" they said....

Unless Craigslist Guy was using a sharpie to play tic-tac-toe on the wavy checkerboard screen, we have different definitions of "intended".

Of course if the intention is that we have a project now, well then Mission Accomplished. Replacement caps are on the way. The board itself looks totally clean aside from the standard nicotine layer gooped everywhere, but no visible corrosion or damage.




Lattice of Convenience - MP3 Playlists

Music: 

Underworld - Kittens

Hopefully everyone can live in the future someday.

We do a lot with MP3 playlists. I run Airsonic for streaming around the house and in the car, and we have a playlist-based FM transmitter setup, etc. So I have scripts which run every night and generate playlists based on star ratings and other things (GET THE LED OUT ANYONE?).

Previously what I've done is dump the contents of a bunch of Smart Playlists in Clementine to a file and use those files to generate the randomized 200 track daily playlists. The downside to that is that every time I add music or change star ratings, I'd have to refresh these "base" files like some kind of animal. I had base playlists for "3+ stars", "4+ Stars" and "5 Stars", among others.

Today I decided to fix all that. Clementine uses a SQLite3 database, so now I'm just querying it instead, and it seems to be working well. For example, my "5 star" playlist in Clementine results in 10800 or so tracks. The same one built from the DB ends up with a couple hundred more tracks, but is pretty close. I'm not entirely sure what the difference there is just yet, but "close enough". What it looks like to me is I probably need to enable Samba case sensitivity.

The DB records ratings as decimal numbers from 0.0 (Zero stars) through 1.0 (5 Stars). So to build a "4-Star +" playlist, searching for rating >= "0.8", you get ratings like this:

1
1.10000002384186
0.800000011920929
0.800000011920929
0.800000011920929
1.10000002384186
1.10000002384186
0.800000011920929
0.800000011920929
1
1
1
1

! Caveat: Prior to Clementine 1.4.0rc1-533-gf4e70face there was a bug where it was possible to give a song a higher than 5 star rating (higher than 1.0 in the DB) as you can see above, so know that if you have Clementine from the repositories, it's likely you have that bug. For instance in the UI, if you want to show all 5 star songs, use "Rating is Greater Than 4.5 Stars" rather than "Rating is Equal to 5 Stars".

Now I can just have a cron job to copy the master Clementine DB once a day to my server and drop it in next to the playlist generation scripts.

The downside to all this is speed. When using the Clementine-Generated base playlists, I could be sure all the files actually exist on disk. However while Clementine will only show you files that exist in the UI, it doesn't seem to do a very good job of cleaning the database of stale files which no longer exist. So if you move or rename files, the old DB entries stick around unless you purge it completely and start over from scratch. That means I have to test every single file as I add it to the playlist, which takes time. It takes about 5-8 seconds to generate my 200 track 5-Star M3U file.

The 5-Star.sh script is below if you'd like to play along at home:

  


#!/bin/bash

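### -f so a missing playlist isn't an error, then start from an empty file
### so the duplicate check below always has something to grep
rm -f /Volumes/Filestore/CDs/playlists/5\ Stars.m3u
touch /Volumes/Filestore/CDs/playlists/5\ Stars.m3u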

i=1

while [ $i -le 200 ]
do
 file=$(sqlite3 ./clementine.db "select filename from songs where rating > "0.9" order by random() limit 1;" | awk -F "file://" '{print $2}')

 ### Clementine data encodes special characters and accent marks and stuff so I'm using
 ### Joel Parker Henderson's urldecode.sh to undo that: https://gist.github.com/cdown/1163649
 
 data=$(urldecode.sh "$file")
 if [ -f "$data" ]
 then
  ### Have to escape leading brackets because grep treated it as a range and would allow duplicates ###
  ### Can't do that in "data" because \[ isn't in the filename so they'll fail ###

  escaped=$(echo "$data" | sed 's/\[/\\[/g')
  #echo "$escaped"

  ### Avoid duplicates
  match=$(grep -i "$escaped" /Volumes/Filestore/CDs/playlists/5\ Stars.m3u)
  if [ -z "$match" ]
  then
   echo "$data" >> /Volumes/Filestore/CDs/playlists/5\ Stars.m3u
   ((i++))
  fi
 fi
done

For the 3+ and 4+ lists, I repeat this main block, but instead each rating dumps into a text file that I randomize into an .m3u at the end. So for the 3-Star + script below, I collect 130 5-star tracks, 45 4-star, and 25 3-star, push them out to a temp file and then cat temp.m3u | sort -R > "./3 Star +.m3u". I could do all this by creating a new table in the database and stuffing tracks into that, but this was faster for me to write and it works well enough:


#!/bin/bash

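rm -f /Volumes/Filestore/CDs/playlists/3\ Stars\ +.m3u

### Start with an empty temp file so the duplicate checks below always have a file to grep
: > ./3-star-tmp.m3u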

i=1

while [ $i -le 130 ]
do
 file=$(sqlite3 ./clementine.db "select filename from songs where rating > "0.9" order by random() limit 1;" | awk -F "file://" '{print $2}')

 ### Clementine data encodes special characters and accent marks and stuff so I'm using
 ### Joel Parker Henderson's urldecode.sh to undo that: https://gist.github.com/cdown/1163649
 
 data=$(urldecode.sh "$file")
 if [ -f "$data" ]
 then
  ### Have to escape leading brackets because grep treated it as a range and would allow duplicates ###
  ### Can't do that in "data" because \[ isn't in the filename so they'll fail ###

  escaped=$(echo "$data" | sed 's/\[/\\[/g')
  #echo "$escaped"

  ### Avoid duplicates
  match=$(grep -i "$escaped" ./3-star-tmp.m3u)
  if [ -z "$match" ]
  then
   echo "$data" >> ./3-star-tmp.m3u
   ((i++))
  fi
 fi
done

i=1

while [ $i -le 45 ]
do
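  ### The tail of this line is missing from the page. The upper bound (<= 0.9) is an assumption,
  ### chosen so this tier stops where the 5-star query above (rating > 0.9) starts.
  file=$(sqlite3 ./clementine.db "select filename from songs where rating >= "0.8" and rating <= "0.9" order by random() limit 1;" | awk -F "file://" '{print $2}')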

  ### Clementine data encodes special characters and accent marks and stuff so I'm using
  ### Joel Parker Henderson's urldecode.sh to undo that: https://gist.github.com/cdown/1163649

  data=$(urldecode.sh "$file")
  if [ -f "$data" ]
  then
   ### Have to escape leading brackets because grep treated it as a range and would allow duplicates ###
   ### Can't do that in "data" because \[ isn't in the filename so they'll fail ###

   escaped=$(echo "$data" | sed 's/\[/\\[/g')
   #echo "$escaped"

   ### Avoid duplicates
   match=$(grep -i "$escaped" ./3-star-tmp.m3u)
   if [ -z "$match" ]
   then
    echo "$data" >> ./3-star-tmp.m3u
    ((i++))
   fi
  fi
done

i=1

while [ $i -le 25 ]
do
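  ### The tail of this line is missing from the page. The upper bound (< 0.8) is an assumption,
  ### chosen so this tier stops where the 4-star query above (rating >= 0.8) starts.
  file=$(sqlite3 ./clementine.db "select filename from songs where rating >= "0.6" and rating < "0.8" order by random() limit 1;" | awk -F "file://" '{print $2}')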

  ### Clementine data encodes special characters and accent marks and stuff so I'm using
  ### Joel Parker Henderson's urldecode.sh to undo that: https://gist.github.com/cdown/1163649

  data=$(urldecode.sh "$file")
  if [ -f "$data" ]
  then
   ### Have to escape leading brackets because grep treated it as a range and would allow duplicates ###
   ### Can't do that in "data" because \[ isn't in the filename so they'll fail ###

   escaped=$(echo "$data" | sed 's/\[/\\[/g')
   #echo "$escaped"

   ### Avoid duplicates
   match=$(grep -i "$escaped" ./3-star-tmp.m3u)
   if [ -z "$match" ]
   then
    echo "$data" >> ./3-star-tmp.m3u
    ((i++))
   fi
  fi
done

cat ./3-star-tmp.m3u | sort -R > /Volumes/Filestore/CDs/playlists/3\ Stars\ +.m3u

rm ./3-star-tmp.m3u


Caching Password passer

Similar to the RDP Launcher, I occasionally need to grab passwords that I use all the time from KeePassXC to paste into various forms or prompts. Basically anything I use more than once per day, I have defined in this script for quick access. I don't want to be able to remember these, and I also don't want to have to interact with the password manager UI if I'm in a shell.

RDPLauncher

TL;DR: Here's the Link:
RDPLauncher

I use RDP a lot and had some scripts to let me launch lots of RDP sessions without having to enter my random-generated passwords over and over. I wasn't happy with how I was handling those passwords so I've made it more secure using gpg and KeePassXC. Last night I made it compatible with Windows and MSTSC which will be uploaded here shortly once it's cleaned up a bit.

Basically I'll click a shortcut for whatever host, which runs my launcher. I get prompted for my GPG passphrase, which reads from an encrypted file containing my KeePassXC passphrase, which is then used to retrieve the user password for launching the RDP session.

Gpg-agent uses a cache-TTL to "hold the door open" for 10 minutes by default, so I can launch a bunch of sessions and only type my passphrase once.

Requirements:

- gpg client and running gpg-agent (gpg4win, etc) with a private key set up, etc.
- cygwin if you're running Windows
- KeePassXC (or some other key-store that has a command-line interface to query the database. In the beginning I was just using the gpg file with user/password pairs, so that works too)

The tool has a few neat features:

- If run from the command line with no arguments, it will prompt for user/pass/host/domain, good for one-off sessions to machines I won't log into much. That's great since I spend all my time in terminal windows and this stops me having to go back and forth to the mouse and keyboard while entering credentials.

- If launched with -b, it prompts you for information for a one-off connection, but will also build a new shortcut launcher from a template. So like for the first connection to a machine you know you're going to use a lot. (Linux/Mac only)

- Automatically tunnel sessions over ssh. This means I can launch RDP sessions on my Mac and they'll seamlessly proxy through my work laptop to the VPN.

For tunneling, I am taking an arbitrary range of 200 ports and incrementing them based on what's currently listening. If there's already a process listening on port 6201, then try 6202 etc until there's an open one. So I can easily open 20-30 ssh tunneled sessions each with its own ssh process which will close down when the RDP window closes. 200 is "probably overkill", which means it might just be barely enough in the real world.
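
One way to do the port selection described above, written as an added example and not taken from RDPLauncher itself. The `ss` call assumes Linux, and the function names and the jump-host and target arguments are hypothetical.

```sh
#!/bin/sh
# Added example: pick the first unused local port in the 200-port range that
# starts at 6201, then open a loopback-only ssh tunnel on it.
PORT_BASE=6201
PORT_COUNT=200

# List local TCP ports in LISTEN state, one per line (Linux, iproute2 "ss").
listening_ports() {
  ss -Htln | awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# Read the ports already in use on stdin and print the first port in
# [base, base+count) that is not among them. Returns 1 if the range is full.
first_free_port() {
  base=$1 count=$2
  awk -v base="$base" -v count="$count" '
    { used[$1] = 1 }
    END {
      for (p = base; p < base + count; p++)
        if (!(p in used)) { print p; exit 0 }
      exit 1
    }'
}

# open_tunnel JUMPHOST TARGET: forward a free local port to TARGET:3389
# through JUMPHOST and print the port that was chosen.
open_tunnel() {
  jump=$1 target=$2
  port=$(listening_ports | first_free_port "$PORT_BASE" "$PORT_COUNT") || {
    echo "no free port in $PORT_BASE-$((PORT_BASE + PORT_COUNT - 1))" >&2
    return 1
  }
  # Bind to 127.0.0.1 only, so the tunnel is not reachable from the network.
  # ExitOnForwardFailure makes ssh fail if another process took the port
  # between the check above and the bind, instead of connecting with no tunnel.
  # "sleep 30" gives the RDP client time to connect; ssh then stays up until
  # the forwarded connection closes.
  ssh -f -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${port}:${target}:3389" "$jump" sleep 30 || return 1
  echo "$port"
}

# Typical call (host names are placeholders):
#   port=$(open_tunnel work-laptop it-host.example) && xfreerdp /v:127.0.0.1:"$port"
```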

The launcher shortcut mechanics are a bit different on my Linux and Mac machines so I split the -b script builder piece out based on OS. On Linux, I use KDE/Plasma, and so I generate these as KDE desktop files which look like this:

#!/usr/bin/env xdg-open
[Desktop Entry]
Comment[en_US]=
Comment=
Exec=/home/xrayspx/bin/rdplauncher.sh -h it-host.xrayspx.com -d xdomainx -u xrayspx
GenericName[en_US]=
GenericName=host.xrayspx.com
Icon=remmina
MimeType=
Name[en_US]=
Name=host.xrayspx.com
Path=
StartupNotify=true
Terminal=false
TerminalOptions=
Type=Application
X-DBUS-ServiceName=host.xrayspx.com
X-DBUS-StartupType=
X-KDE-SubstituteUID=false
X-KDE-Username=

On the Mac side, I use shell scripts with the extension .rdp (which conflicts with Microsoft's client, but I don't care since I never use their client anyway). Those just launch using Terminal, so it does pop a terminal for a fraction of a second, but I really don't have a problem with that. To get the Terminal window to close (and I do associate these files with Terminal.app specifically rather than iTerm2), open Terminal.app, go to the Terminal menu -> Settings -> Profiles (tab) -> "Basic" or whatever profile is your default -> Shell (tab). Choose what action to take when the shell exits. I have it set to "Close if the shell exited cleanly" and "ask before closing" set to "only if there are processes other than the login shell..."

The launcher for that looks like:

#! /bin/bash
rdplauncher.sh -h host.xrayspx.com -d xdomainx -u xrayspx &

I generate those from the KDE .desktop files with a command like this:

for f in *.desktop; do host="${f%.desktop}"; cmd=$(grep '^Exec=' "$f" | awk -F "xrayspx/bin/" '{print $2}'); printf '#!/bin/zsh\n%s &\n' "$cmd" > "$host.rdp"; done

That creates .rdp files in the same directory as the .desktop files, so now they can be moved around, have chmod set, etc.

If I call it with AppleScript or Automator instead of a bash script as above, none of the password retrieval process works. I think it short circuits and sends the output back to the AppleScript rather than the bash script which ran the command. If I can get that working that would be ideal.

The mechanics on Windows are similar to the Mac method. A .bat file which launches the bash script via Cygwin:

C:\cygwin64\bin\mintty.exe -w hide -e /bin/bash -l -c '/home/user/bin/rdplauncher.sh -h host -u username -d domain'

On Windows at least the Cygwin window it creates is hidden from the user, so that's nice.


Lots of RDP

Music: 

Annie Lennox - Why?

Do you do lots of RDP? Like lots and lots? I do, and even with password management it's annoying. I tend to use generated passwords for all my normal user, Domain Admin user and obviously Administrator accounts. That means lots of workarounds to deal with those passwords while doing bulk RDP sessions.

A typical use case for me is to RDP to 20 machines at a time, run a thing, wait, and log out. I've always scripted this, but not always in strictly the safest way. Plaintext passwords stored in a script, or read off disk. The philosophy is "if someone can read this script, I've already lost the game anyway", but still it's ugly and sick, and so I fixed it. In my defense, the Red Team never did pop my laptop...

I already use gpg-agent to facilitate unpacking of log files. On my syslog servers I roll logs over hourly, gzip them and then gpg encrypt them to my key. Then I can download a bunch of them, run my logunpack script, enter my passphrase once and since gpg-agent caches that credential for a period of time, decrypt all my files in one go.

What I wanted here was basically a way to have keepassxc-cli "hold the door open" and cache the passphrase like gpg-agent does. So what I've done is to use gpg-agent itself for that purpose. I have a GPG encrypted file containing my KeePassXC passphrase, and I open it using gpg-agent, so it can be reused until gpg-agent's cache TTL (default-cache-ttl) expires.
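
The retrieval chain described here and in the RDPLauncher post above (gpg-agent unlocks the file, the file unlocks KeePassXC, KeePassXC yields the account password), as an added example that is not the RDPLauncher script. The file names, entry title and function name are placeholders.

```sh
#!/bin/sh
# Added example. One-time setup, with placeholder names:
#   gpg --encrypt --recipient you@example.com --output ~/.kp-master.gpg
#     (type the KeePassXC passphrase, then Ctrl-D)
#   ~/.gnupg/gpg-agent.conf:  default-cache-ttl 600   # seconds, the 10 minute default
GPG_BIN=${GPG_BIN:-gpg}
KPCLI_BIN=${KPCLI_BIN:-keepassxc-cli}

# kp_password PASSFILE DATABASE ENTRY
# Prints the password stored for ENTRY, or returns non-zero without output.
kp_password() {
  passfile=$1 db=$2 entry=$3

  # The first call triggers a pinentry prompt; until the agent's cache TTL
  # expires, later calls decrypt without asking again.
  master=$("$GPG_BIN" --quiet --decrypt "$passfile") || {
    echo "could not decrypt $passfile" >&2
    return 1
  }
  [ -n "$master" ] || { echo "decrypted passphrase is empty" >&2; return 1; }

  # printf is a shell builtin, so the passphrase goes down a pipe to
  # keepassxc-cli's stdin. It is never a command-line argument (visible in
  # ps) and never touches disk in plaintext.
  secret=$(printf '%s\n' "$master" |
           "$KPCLI_BIN" show -q -a Password "$db" "$entry") || {
    unset master
    echo "lookup failed for entry: $entry" >&2
    return 1
  }
  unset master

  # Refuse to hand back an empty password rather than let the caller
  # attempt a login with it.
  [ -n "$secret" ] || return 1
  printf '%s\n' "$secret"
  unset secret
}

# Typical call (paths and entry name are placeholders):
#   pass=$(kp_password ~/.kp-master.gpg ~/Passwords.kdbx "windowsmachine") || exit 1
```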

I've also always had slightly different copies of this script for use cases of "Fullscreen on my laptop" and "fullscreen on larger displays", so I have a switch here for "resolution" as well. "fs" for fullscreen or "fsbm" for "big monitors". Since I'll never go to my office again, that's pretty much never going to get used. The default for the $res value will remain 1280x960. Reasonable enough.

I also added prompts so that it'll ask for host, domain, user and password if you run the script with no arguments from a shell. So /that/ will be super useful to me when I have to do a one-off connection to some remote host but don't need a whole launcher for it. While I'm at it, I put in the -b switch so that you can have it generate a launcher based on that input. That saves me hand editing a template when I add a new RDP host.

I use Linux, but this should work with minimal-if-any changes on Mac and Windows/Cygwin, both of which can run xfreerdp and gpg-agent. I have a good automated ssh-tunneled RDP setup for my Mac, so I might try using that with this so I can use a 4k display for those "busy RDP days".

Being that I do run Linux, here's how I launch this. KDE desktop files like this:


xrayspx@dummyhost:~/rdps$ cat windowsmachine
#!/usr/bin/env xdg-open
[Desktop Entry]
Comment[en_US]=
Comment=
Exec=/home/xrayspx/bin/rdplauncher.sh -h windowsmachine -d domain -u xrayspx
GenericName[en_US]=
GenericName=windowsmachine
Icon=remmina
MimeType=
Name[en_US]=
Name=windowsmachine
Path=
StartupNotify=true
Terminal=false
TerminalOptions=
Type=Application
X-DBUS-ServiceName=windowsmachine
X-DBUS-StartupType=
X-KDE-SubstituteUID=false
X-KDE-Username=

So anyway, here's the thing: RDPLauncher


Bouncing from Kodi to EmulationStation, and back

Music: 

Ninety-Nine And A Half (Won't Do) - Wilson Pickett

Update:

----
As pointed out on the RetroPie forum, just add the loop in autostart.sh, duh: I searched for a while before writing this thing and if I'd seen anyone mention that I'd have just done that instead.

while :
do
kodi
emulationstation
done

I also think it makes a more sensible default for RetroPie to implement. That's all I actually wanted at the start.

However...

Now I've added Features. I can hijack my loop and add one-off commands.

So now there's a Desktop button in my Kodi main menu that will touch a file to cause the loop to gracefully exit Kodi and send me to a desktop session. When I leave the desktop session, it takes me back to Kodi. So that's pretty goddamn convenient.

-----

Because if there's one thing I love, it's having to sysadmin my TV.

Like most reasonable people I use a Kodi mediacenter to run my TV. Lately this has been on a Raspberry Pi 4 running RetroPie. Generally people boot RetroPie into EmulationStation and use it as an emulator, such as on an arcade cabinet. I'm also one of those people.

But in this case I primarily use the TV to watch TV shows and movies, but also want to run console games, so I upgraded to a better RPi and migrated from LibreElec to RetroPie.

RetroPie lets you choose whether to boot into EmulationStation or Kodi, which is fine, and the idea is that if you quit Kodi, it loads ES so you can play games. That works fine. Once. The trouble is in going the other way. If you quit EmulationStation, you exit to a shell. If you run Kodi from within the Ports menu in EmulationStation, well, now you're running both ES and Kodi. This also changes the behavior the next time you quit Kodi to play a game. You end up back in the Ports menu with Kodi highlighted, because ES never quit.

So, that's what I fixed.

The way the RetroPie tool works is they create a script at /opt/retropie/configs/all/autostart.sh. If you have Kodi booting first, it will have two lines:

kodi-standalone
emulationstation

That script gets run at login time for the pi user. Basically it runs Kodi, and autostart.sh is still running. When Kodi exits, it runs ES and autostart.sh exits. If you wanted to you could just put 1000 lines of:

kodi-standalone
emulationstation
kodi-standalone
emulationstation
kodi-standalone
...

However that's ugly, so I kind of daemon-fied it with a bash script of my own that I wanged together in like 10 minutes, and then I launch that through their autostart.sh. I didn't want to replace their script with mine because the RetroPie one could get regenerated with an upgrade or if I hit something in RetroPie-config. It's safer to have their script call mine.

So what I do is I start with whichever application is passed to me in the command line:

autolaunch.sh -f kodi

Then I start an infinite loop and, based on what application the script is called with, it will start the first application. When that app exits, I change the value of the variable so that the next time it loops, it runs the other one:


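#! /bin/bash

while getopts f: name
do
  case $name in
    f) fval="$OPTARG";;
    ?) printf "Usage %s: [-f application to start] args\n" "$0"
    exit 2;;
  esac
done

while :
do
  ### Quote $fval so a missing -f argument doesn't turn into a test syntax error
  if [ "$fval" = kodi ]
  then
    kodi-standalone
    fval="emulationstation"
  elif [ "$fval" = emulationstation ]
  then
    emulationstation
    fval="kodi"
  else
    ### Anything else would spin this loop forever without starting anything
    printf "Unknown application: %s\n" "$fval" >&2
    exit 2
  fi
done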

Downsides and ToDo's:

Obvious downside is that this makes it difficult to get a shell at the console of the machine. However, I can count on one hand the number of times I've had to do that in the last 6 years or so of running my TV from a Raspberry Pi, so I really don't care.

A definite ToDo is to add some level of process control and general safety so I don't somehow end up running a bunch of instances of Kodi and ES. I did test with "Restart Emulationstation", so it would pick up new games, and it seemed to work as expected. It didn't launch another instance of Kodi or anything.

My main ToDo is to have the ability to use more launchers. Basically right now I have a "Games" menu item in my Kodi main menu, I hit it, it just runs the Kodi "Quit" command, which causes ES to start. Same thing in ES, though I'm just quitting it using the context menu at the moment.

I'd like to be able to add a "Desktop Session" button to quit Kodi or ES and launch a desktop with a browser for those very rare times I want a browser on my TV. This would also solve the "can't get a local shell" problem, at least mostly. I could add a "quit to shell" in this way obviously as well. I think the best way to do this is to stop the script as I exit Kodi and restart it with a new starting value, like -f startx. Kind of like if it were a real system daemon.

However I think in my case, since I'm not a very good programmer, I'm going to just bang this out with a file in /var/tmp or somewhere which carries the "Next Command", so rather than update $fval as I am now, I'd check that file and have it read in each loop to set fval. That would allow me to hijack it from outside the loop.

So I'm in Kodi, if I quit, it's going to set $fval to "emulationstation" and load ES. However, if I run a shell script, and /then/ quit or killall kodi-standalone, that shell script can populate /var/tmp/nextcommand or whatever with "startx".

Then, when Kodi quits, it sets $fval to ES, the next loop comes, but instead of just launching ES, we check to see if there's a value in nextcommand. If there is, set $fval to that and run it instead.

Then you'll start an X session, and when that quits, it should take me back to Kodi.

I seem to recall Kodi's internal tools are pretty good, and I can combine "run this external command" with "run this internal 'quit' command" and assign that to a menu "Action". Just need to remember where all that stuff is.
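
A sketch of the "next command" file idea from the ToDo above, as an added example and not the script that ended up on the Pi. The file path default, the allowlist and the function names are assumptions. Because /var/tmp is world-writable, the file's content is only ever compared against a fixed list and never executed.

```sh
#!/bin/sh
# Added example: hijack the Kodi/EmulationStation loop with a one-shot
# override read from a file.
NEXT_FILE=${NEXT_FILE:-/var/tmp/nextcommand}

# next_app DEFAULT: print what to run next. DEFAULT is what the normal
# toggle picked. The override is honoured only if NEXT_FILE is a regular
# file (not a symlink) owned by the user running the loop, and only if it
# names something on the allowlist. The file is consumed either way.
next_app() {
  default=$1
  choice=$default
  if [ -f "$NEXT_FILE" ] && [ ! -L "$NEXT_FILE" ] && [ -O "$NEXT_FILE" ]; then
    IFS= read -r requested < "$NEXT_FILE" || true
    rm -f "$NEXT_FILE"
    case $requested in
      kodi|emulationstation|startx) choice=$requested ;;
    esac
  fi
  printf '%s\n' "$choice"
}

# Map an allowlisted name to the real command.
run_app() {
  case $1 in
    kodi)             kodi-standalone ;;
    emulationstation) emulationstation ;;
    startx)           startx ;;
  esac
}

main_loop() {
  fval=$1
  while :; do
    run_app "$fval"
    # Normal toggle: Kodi -> ES, and ES or a desktop session -> Kodi.
    case $fval in
      kodi) fval=emulationstation ;;
      *)    fval=kodi ;;
    esac
    # A script run from a Kodi menu button can write "startx" to NEXT_FILE
    # before quitting Kodi; that wins over the toggle for one iteration.
    fval=$(next_app "$fval")
  done
}

# autostart.sh would call this file as: autolaunch.sh -f kodi
if [ "${1:-}" = "-f" ]; then
  main_loop "${2:-kodi}"
fi
```

Putting the file under the pi user's home directory instead of /var/tmp removes the need for the ownership and symlink checks.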
