Let's once again improve Ansible. Well, this won't work without getting into sources.
Linux Switchdev the Mellanox way
7 min
This is a transcription of a talk that was presented at CSNOG 2020 — video is at the end of the page
Greetings! My name is Alexander Zubkov. I work at Qrator Labs, where we protect our customers against DDoS attacks and provide BGP analytics.
We started using Mellanox switches around 2 or 3 years ago. At the time we got acquainted with Switchdev in Linux and today I want to share with you our experience.
Starting the server
8 min
Even the most experienced and highly qualified system administrators often have only a vague idea of what exactly happens during the server startup process. So, let's look at this process in detail.
The magic of Virtualization: Proxmox VE introductory course
8 min
Today, I am going to explain how to quickly deploy several virtual servers with different operating systems on a single physical server without much effort. This will enable any system administrator to manage the whole corporate IT infrastructure in a centralized manner and save a huge amount of resources.
Ansible: CoreOS to CentOS, 18 months long journey
4 min
There was a custom configuration management solution.
I would like to share the story about a project. The project used to use a custom configuration management solution. Migration lasted 18 months. You can ask me 'Why?'. There are some answers below about changing processes, agreements and workflows.
How to test Ansible and don't go nuts
10 min
It is the translation of my speech at DevOps-40 2020-03-18:
After the second commit, each code becomes legacy. It happens because the original ideas do not meet actual requirements for the system. It is not bad or good thing. It is the nature of infrastructure & agreements between people. Refactoring should align requirements & actual state. Let me call it Infrastructure as Code refactoring.
Safe-enough linux server, a quick security tuning
10 min
Tutorial
The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).
What would be the standard quick security related tuning to configure before you install the meat?
release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)
Windows Terminal Preview v0.7 Release
3 min
Another release is out for the Windows Terminal preview! This release is labeled as v0.7 in the About section of the Terminal. As always, you can download the Terminal from the Microsoft Store and from the GitHub releases page. Here’s what’s new in this release:
You are now able to split your Terminal window into multiple panes! This allows you to have multiple command prompts open at the same time within the same tab.
Note: At the moment, you’re only able to open your default profile within a new pane. Opening a profile of your choice is an option we’re planning to include in a future release!
Read more below.
Windows Terminal Updates
Panes
You are now able to split your Terminal window into multiple panes! This allows you to have multiple command prompts open at the same time within the same tab.
Note: At the moment, you’re only able to open your default profile within a new pane. Opening a profile of your choice is an option we’re planning to include in a future release!
Read more below.
Windows Terminal Preview 1910 Release
2 min
Another update to the Windows Terminal has just been released! As always, you can download the Terminal from the Microsoft Store, the Microsoft Store for Business, and GitHub.
Note: In the About popup within the Terminal, this version will appear as v0.6.
Note: In the About popup within the Terminal, this version will appear as v0.6.
Connect to Windows via SSH like in Linux
3 min
Tutorial
The most depressing thing for me is to connect to Windows hosts. I'm not an opponent or a fan of Microsoft and their's products. Every product has its own purpose. But it is really painful for me to connect to Windows servers, because of 2 points: it is hard to configure (Hi WinRM with HTTPS), and it is really unstable (Hello RDP to VMs across the ocean).
Fortunately, I found the project Win32-OpenSSH. I realized that I want to share my experience with it. I believe it will help somebody and save a lot of nerves.
Fortunately, I found the project Win32-OpenSSH. I realized that I want to share my experience with it. I believe it will help somebody and save a lot of nerves.
Who is stealing virtual CPU time?
10 min
Hi! In this article, I want to explain, in layman’s terms, how steal appears in VMs and tell you about some of the less-than-obvious artifacts that we found during research on the topic that I was involved in as CTO of the Mail.ru Cloud Solutions platform. The platform runs KVM.
Free Wireguard VPN service on AWS
9 min
Tutorial
Translation
Free Wireguard VPN service on AWS
The reasoning
The increase of Internet censorship by authoritarian regimes expands the blockage of useful internet resources making impossible the use of the WEB and in essence violates the fundamental right to freedom of opinion and expression enshrined in the Universal Declaration of Human Rights.
Article 19
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
The following is the detailed 6 steps instruction for non-IT people to deploy free* VPN service upon Wireguard technology in Amazon Web Services (AWS) cloud infrastructure, using a 12 months free account, on an Instance (virtual machine) run by Ubuntu Server 18.04 LTS.
I tried to make this walkthrough as friendly as possible to people far from IT. The only thing required is assiduity in repeating the steps described below.
Splunk Universal Forwarder in the Docker as a system logs gatherer
7 min
Tutorial
Splunk is the most known commercial product to gather and analyze logs. Even now, when Splunk has stopped sales in the Russian Federation. And that's not a reason not to write the how-to articles about this product.
Dozen tricks with Linux shell which could save your time
10 min
- First of all, you can read this article in russian here.
One evening, I was reading Mastering regular expressions by Jeffrey Friedl , I realized that even if you have all the documentation and a lot of experience, there could be a lot of tricks developed by different people and imprisoned for themselves. All people are different. And techniques that are obvious for certain people may not be obvious to others and look like some kind of weird magic to third person. By the way, I already described several such moments here (in russian) .
For the administrator or the user the command line is not only a tool that can do everything, but also a highly customized tool that could be develops forever. Recently there was a translated article about some useful tricks in CLI. But I feel that the translator do not have enough experience with CLI and didn't follow the tricks described, so many important things could be missed or misunderstood.
Under the cut — a dozen tricks in Linux shell from my personal experience.
How to Discover MongoDB and Elasticsearch Open Databases
3 min
Some time ago among security researchers, it was very “fashionable” to find improperly configured AWS cloud storages with various kinds of confidential information. At that time, I even published a small note about how Amazon S3 open cloud storage is discovered.
However, time passes and the focus in research has shifted to the search for unsecured and exposed public domain databases. More than half of the known cases of large data leaks over the past year are leaks from open databases.
Today we will try to figure out how such databases are discovered by security researchers...
A small notebook for a system administrator
21 min
I am a system administrator, and I need a small, lightweight notebook for every day carrying. Of course, not just to carry it, but for use it to work.
I already have a ThinkPad x200, but it’s heavier than I would like. And among the lightweight notebooks, I did not find anything suitable. All of them imitate the MacBook Air: thin, shiny, glamorous, and they all critically lack ports. Such notebook is suitable for posting photos on Instagram, but not for work. At least not for mine.
After not finding anything suitable, I thought about how a notebook would turn out if it were developed not with design, but the needs of real users in mind. System administrators, for example. Or people serving telecommunications equipment in hard-to-reach places — on roofs, masts, in the woods, literally in the middle of nowhere.
The results of my thoughts are presented in this article.
I already have a ThinkPad x200, but it’s heavier than I would like. And among the lightweight notebooks, I did not find anything suitable. All of them imitate the MacBook Air: thin, shiny, glamorous, and they all critically lack ports. Such notebook is suitable for posting photos on Instagram, but not for work. At least not for mine.
After not finding anything suitable, I thought about how a notebook would turn out if it were developed not with design, but the needs of real users in mind. System administrators, for example. Or people serving telecommunications equipment in hard-to-reach places — on roofs, masts, in the woods, literally in the middle of nowhere.
The results of my thoughts are presented in this article.
Writing yet another Kubernetes templating tool
8 min
If you are working with Kubernetes environment then you probably make use of several existing templating tools, some of them being a part of package managers such as Helm or Ksonnet, or just templating languages (Jinja2, Go template etc.). All of them have their own drawbacks as well as advantages and we are going to go through them and write our own tool that will try to combine the best features.
About monitoring
3 min
Monitoring is the most important part of your infrastructure. Monitoring is system engineers basics. However, everyone has his own way to understand it. My way consist of denial. anger & acceptance.
How to crack a self-service terminal and why 80% of them are under threat
2 min
Translation
Author of the original post in Russian: frsamara
I always loved playing with things and testing them under all sorts of wacky conditions as a kid and even considered getting a job as a tester, but I never did. Nevertheless, I still like taking things made by someone else and poking them for vulnerabilities.
I remember, when first self-service payment terminals started popping around town, I saw one of them put up a browser window while updating, and the game was on — I broke it almost immediately. There’s been a lot of discussion about it since then and developers have started to pay a lot more attention towards security in these machines.
Recently, fast-food joints have started installing these terminals. Obviously, it’s quite convenient: just tap a couple of virtual buttons, place an order, pay with a bank card and wait for your number to show on the screen.
Also, nearly every big mall has these interactive boards with floor plans and information on various sales and discounts.
How secure are they?
I always loved playing with things and testing them under all sorts of wacky conditions as a kid and even considered getting a job as a tester, but I never did. Nevertheless, I still like taking things made by someone else and poking them for vulnerabilities.
I remember, when first self-service payment terminals started popping around town, I saw one of them put up a browser window while updating, and the game was on — I broke it almost immediately. There’s been a lot of discussion about it since then and developers have started to pay a lot more attention towards security in these machines.
Recently, fast-food joints have started installing these terminals. Obviously, it’s quite convenient: just tap a couple of virtual buttons, place an order, pay with a bank card and wait for your number to show on the screen.
Also, nearly every big mall has these interactive boards with floor plans and information on various sales and discounts.
How secure are they?