Archive for the ‘ Tech ’ Category
This is fascinating.
This has been a long overdue speed upgrade for the service at the office. We can get up to 500mbps at this location but in reality anything over 100mbps will require some expensive hardware upgrades. At this new 75/75 speed it almost matches the speed at the offsite backup servers so those jobs will run much faster.
I recently had cause to export many hundreds of email messages to .pdf. I’ll save you the details as to why but subsequently I needed to know the cost (in time and paper usage) of printing out all of the PDF files; how many pages would it be? How could I know? I previously posted about pdftk so I assumed it would provide me the answer. A bit of Googling led me to commandlinefu and the following solution.
find . -name "*.pdf" -exec pdftk {} dump_data output \; | grep NumberOfPages | awk '{s+=$2} END {print s}'
It worked like a charm.
The answer was “515” pages. Too many I think.
I’ve been running pfSense on a Soekris Net5501 for some time. It’s capable and stable but I have been running it from a compact flash card with limited space which eventually kept me from upgrading to the latest versions and running the graphing back-end; so I’ve upgraded it to run on an SSD. There is a noticeable speed increase in the management front-end and now I have room for all the logging and graphing I would ever need.
After downloading the current pfSense ISO for a full install I booted the Thinkpad from the CD with the SSD attached via an USB > SATA adapter. After the CD booted I chose the “Install” > “Expert” option. Then in my case I picked the “embedded” option for the kernel since the Soekris is headless and needs the serial/no-vga kernel. I did no custom partitioning sine I intended to use the SSD exclusively for pfSense. After the install completed, I put the SSD in the Soekris, attached the serial cable to the Thinkpad and booted it up. At first boot the kernel will fail to find the root partition on the SSD which is not unusual since it was installed by a different machine. At the prompt I needed to manually enter the proper drive/slice and then the boot continued normally. Once fully running I had to ssh into the Soekris and edit the fstab with the proper drive/slice info for the “/” and “swap” partitions. At that point the install was finished and all that was left to do was restore the settings configuration from a backup and put it in service.
I came across this today among other the books on shelf. It’s the first Linux distribution I ever used. I bought it at Comp USA sometime back in 1998. If I remember correctly I could not get X working properly but I was able to get it online, use pine to do some email and set up an ftp server on it.
With all the news about the Heartbleed vulnerability in the OpenSSL package lately I figured that I should make sure my servers were patched. In looking at the version I have installed it seemed I was indeed running one of the affected versions.
$ openssl version
OpenSSL 1.0.1 14 Mar 2012
I was concerned and confused because I was sure that I had made all the recent security updates which I did confirm with:
# apt-get dist-upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
So I needed to understand how I could be running all the latest updates but still have version of a package that was in the range of known impacted versions. This led me to some “apt” tools I was not previously aware of.
# apt-get changelog openssl
openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
– debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
util/libeay.num.
– CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
– debian/patches/CVE-2014-0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
– CVE-2014-0160— Marc Deslauriers
Mon, 07 Apr 2014 15:45:14 -0400
You can see above in the output of “apt-get changelog openssl”, the comment in bold shows that OpenSSL on my system has indeed been patched. I always love it when I learn something new and useful about how the Debian system works.