Tofu Miso Ramen Recipe

Miso Ramen with gai lan (Chinese broccoli)

  • Adapted from: Pickled Plum and Mike’s Mighty Good
  • Prep Time: 15 minutes
  • Cook Time: 10 minutes
  • Total Time: 25 minutes
  • Yield: 2 servings
  • Category: Noodles
  • Method: Stove top
  • Cuisine: Japanese

Compiling the AWS IoT Device SDK for Embedded C on FreeBSD

So for me it wasn’t obvious, but when you’re running make on the subscribe_publish_sample and getting a ton of warnings and errors like “exit 0” and “exec(exit) failed (No such file or directory)” and “Need an operator” and “Wildcard expanding .prevent_execution” it’s because FreeBSD uses a different make than Linux. They use Clang, whereas most Linux Makefiles are written for GCC.

So, what you have to do is explicitly run GNU Make, which is conveniently installed via pkg install gmake and run via gmake.

Voila! Suddenly it works again!

Laser-Cut Middle Earth (Lord of the Rings) Map

In order to laser-cut a map of middle earth for an art project, I first had to find a suitable vector. It seems a lot of the files online have disappeared. This one is simply a scan and vector trace of a rather-complete version of the original map, but extra painstaking work has been done to flatten the scans into one object so that it handles and imports properly (instead of simply being a solid fill layer of trees with white “negative space” layered on top.)

Time and Temperature Phone Numbers in Phoenix, Arizona and Santa Rosa, California

I got a bout of nostalgia the other day and decided that Phoenix (602, 480, 623) and Santa Rosa (707) needed Time and Temperature phone numbers again, in the retro style of the 90s and prior.

So if you need to hear a friendly robot voice, or want to know the weather or time, call:

707-210-1917

602-362-8463 (602-362-TIME)

The code is up on Github to make your own with Twilio and Weather Underground: http://github.com/zyphlar/twilio-time-and-temperature/

If you’ve got any ideas for easter eggs or features, hit me up 🙂

Fixing IPv6-only issues in Ubuntu

Recently some local coffee shops have seemingly begun to use routers provided by the ISP which hand out IPv6 addresses. Nobody else seems to have issues with this (even my phone seems fine) but my laptop is unhappy with the situation.

Initial debugging via ifconfig shows that I am only getting IPv6 addresses (no IPv4 addresses on the WiFi interface), and apparently the ISP does not have any 6to4 gateways or carrier-grade NAT configured, because I can access IPv6-enabled websites like http://www.yahoo.com and http://www.google.com but not my own IPv4-only sites. Also, obviously, the ping, traceroute, and nslookup commands stop working as normal, because you need ping6, traceroute6, and AAAA records instead of A records in nslookup.

Last time I came to this cafe I solved the problem by using some random 6to4 gateways online, which ended up working but was a massive pain.

This time, I poked around more (nothing seems to come up on Google) and ended up clicking the “Require IPv4 addressing for this connection to complete” and “Require IPv6 addressing for this connection to complete” checkboxes. That was the trick. Apparently Ubuntu gives up on finding addresses once it gets its first address, and apparently BOTH checkboxes need to be clicked on networks like this in order to actually work.

Chromium / Chrome 53 Users seeing Certificate Transparency errors this week (Nov 10 ish)

If you’re seeing random sites pop up with transparency warnings, it’s due to a new Chrome rollout of that requirement. They’ve allegedly rolled it back, but Chromium users may be stuck on the strict version.

https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380

https://bugs.chromium.org/p/chromium/issues/detail?id=664177

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT2160&pmv=print&actp=PRINT

https://sslmate.com/blog/post/ct_redaction_in_chrome_53

 

If You Give a User a WYSIWYG

Homemade WYSIWYG installations as part of homemade blog engines or CMSes remind me of that children’s book, “If You Give a Mouse a Cookie.”

If you give a user a blog_posts database table and three form fields, they’re going to want to format things… like bold, headline, paragraphs, and links.

If you give them a way to format things, they’re going to want it to be WYSIWYG.

If you give them a WYSIWYG,

California DMV improvement suggestions

I left our first DMV appointment practically empty-handed despite being a 30-year-old college-educated web programmer, and spending probably two hours researching and preparing for our DMV visit.
If I got confused and forgot some necessary documents, I’m sure it’s nearly impossible for most people who don’t know what to do when links don’t take you straight to the right section or have trouble parsing complicated lists of requirements.
Check out Arizona’s MVD site as if you were a new driver or new resident… it’s not perfect, but it seems to do a quite good job hand-holding people through things. They even have a survey at the end of each request for feedback to improve their site. I never had to make two trips to an Arizona MVD, and have done everything 100% online for the last ~7 years there, so it’s pretty decent.
Though, I do greatly appreciate California’s appointment system (which could use clearer outdoor signage at least at Petaluma, by the way… I only saw the Appointment line after standing outside in the rain for fifteen minutes.)

Ansible ec2_eni error solution

If you’re using Ansible with the AWS EC2 plugin ec2_eni and getting this error:

AttributeError: 'NetworkInterface' object has no attribute 'attach'

The problem is that the boto NetworkInterface object indeed does not have anything called “attach” — you’re probably using an old version of boto; “attach” was added somewhere between 2.20 and 2.38. So, upgrading your boto version should fix it.

First, check that you don’t have boto installed via your package manager; I opened Ubuntu’s Software Sources and searched for boto, sure enough had to uninstall it.

Then, install the latest version with “sudo pip install boto”. Should work now!

Cable for connecting APRSdroid to a Baofeng UV-82 Radio (APRS via RF)

This cable follows the below diagram precisely; note the color-coded heat shrink, and note that the TRRS plug’s internal wiring is such that the Tip is wired to the furthest-left solder point, followed by R1 and R2, and finally the Sleeve solder point is actually also the strain relief and threaded housing. So you’ve gotta think a bit backwards (and/or use an ohmmeter to check your wiring.)

Sources:

Warning, this alternative *may* be more reliable than mine: https://github.com/johnboiles/BaofengUV5R-TRRS

And this article has a lot of helpful hints: http://www.wcares.org/?page_id=2677

And of course, using a Bluetooth TNC, etc, is going to be much more reliable than this hack. I don’t use this on a regular basis.

Finally, this cable seems to work well on my Samsung Galaxy Nexus, but is not detected as an output by my Nexus 5x when plugged into the radio so it might need different resistor values or connections depending on your devices.

I harvested a cheap Baofeng handheld speaker/microphone for its cable (although you can buy them here — the Kenwood type) and bought a 3.5mm TRRS plug from Digi-key. It’s a bit tight to solder the resistors inside the plug housing, but it is possible (just remember to put the plug housing on the cable BEFORE soldering, otherwise you’ll be unable to put it on later… a mistake I made about three times.)

Here are the diagrams:

Fixing: Cannot set session ID after the session has started in PHPUnit

I got this error after adding an onKernelRequest listener to my Symfony project and trying to pass Twig_Environment to it as an argument. It worked via the web browser, but not in any PHPUnit tests hitting multiple pages.

After much head scratching and reading of the Symfony source code, I ended up making an onKernelException listener instead. Magically, rendering a twig template from it (passing a TwigEngine argument) worked.

So, here’s how I handle custom exceptions in a custom way. Notice I’m testing for Twig_Error_Runtime because my specific error is coming via Twig; you may be able to just test for regular Symfony exceptions instead:

https://gist.github.com/zyphlar/e1089be4c0f0499ab08b

Two Unrelated (No association) Entities in One Form in Symfony2

A lot of tutorials are showing you how to create embedded forms with associations/relations — what about unrelated entities?

I figured out you can pass the second entity as a parameter to the parent form, pass it normally to the embedded form via the ‘data’ parameter, which will let the embedded form update the object. Then just persist() the object back in the controller like normal. No crazy data/request wrangling necessary!

Logging NAT/Firewall/state entries in Pfsense

Sometimes you really need to know what computers on your network were doing yesterday at noon, because you get a nastygram from the MPAA about bittorrent demanding that you do something — but bittorrent is notoriously hard to block.

You can try installing BandwidthD on your Pfsense router, to see who’s using a bunch of bandwidth at that time, and you can look back through DHCP or WiFi logs to see who was connected at the time, but the complaint letter tells you the exact time and port number used. Wouldn’t it be cool if you could log that?

Here’s what I came up with. Download the Cron package for Pfsense, and add a new Cron job:

Minute: 1
Hour/etc: *
Who: root
Command: pfctl -ss | egrep '(>.*>|<.*<)' | logger

The firewall states (who is connected to what) will now dump to your system log every hour — kinda noisy, but also kinda effective for tracking long downloads on random ports.
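To answer the complaint letter from those log entries, you need to map the port on the public address back to the LAN host. The sketch below is an added example, not part of the original post; it assumes each logged NAT state lists the internal host, the translated public address and the remote peer in that order, IPv4 only, and the function names and sample log lines are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample of what the hourly cron job leaves in the system log.
# Assumed pf state layout for NATed entries (the ones the egrep pattern keeps):
#   iface proto INTERNAL:port (->|<-) PUBLIC:port (->|<-) REMOTE:port STATE
SAMPLE_LOG = """\
Apr  4 12:01:00 pfsense root: em0 tcp 192.168.1.23:51413 -> 203.0.113.5:40211 -> 198.51.100.7:6881       ESTABLISHED:ESTABLISHED
Apr  4 12:01:00 pfsense root: em0 udp 192.168.1.40:5353 -> 203.0.113.5:61002 -> 192.0.2.53:53       MULTIPLE:SINGLE
Apr  4 12:01:00 pfsense root: em0 tcp 192.168.1.10:443 <- 203.0.113.5:443 <- 198.51.100.99:50122       ESTABLISHED:ESTABLISHED
Apr  4 13:01:00 pfsense root: em0 tcp 192.168.1.23:51413 -> 203.0.113.5:40211 -> 198.51.100.7:6881       ESTABLISHED:ESTABLISHED
Apr  4 13:01:00 pfsense root: this line is not a state entry
"""

STATE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+\S+:\s+"      # syslog header
    r"(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<int_ip>[0-9.]+):(?P<int_port>\d+)\s+(?P<dir>->|<-)\s+"
    r"(?P<nat_ip>[0-9.]+):(?P<nat_port>\d+)\s+(?P=dir)\s+"    # same arrow twice
    r"(?P<rem_ip>[0-9.]+):(?P<rem_port>\d+)\s+(?P<state>\S+)\s*$"
)


class NatState(NamedTuple):
    stamp: str        # syslog timestamp (syslog records no year)
    proto: str
    direction: str    # "out" for ->, "in" for <-
    internal: str     # LAN host as ip:port
    public_port: int  # port seen on the firewall's public address
    remote_ip: str
    remote_port: int


def parse_state(line: str) -> Optional[NatState]:
    """Parse one logged NAT state line; return None for anything else."""
    m = STATE_RE.match(line)
    if m is None:
        return None
    return NatState(
        stamp=" ".join(m["stamp"].split()),   # collapse syslog's padding
        proto=m["proto"],
        direction="out" if m["dir"] == "->" else "in",
        internal=f"{m['int_ip']}:{m['int_port']}",
        public_port=int(m["nat_port"]),
        remote_ip=m["rem_ip"],
        remote_port=int(m["rem_port"]),
    )


def find_internal_hosts(log_text: str, proto: str, public_port: int,
                        remote_ip: Optional[str] = None) -> Dict[str, List[str]]:
    """Map each LAN ip:port that held the given public port to the snapshot
    times at which the state was seen, optionally filtered by remote peer."""
    hits: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        st = parse_state(line)
        if st is None or st.proto != proto or st.public_port != public_port:
            continue
        if remote_ip is not None and st.remote_ip != remote_ip:
            continue
        hits.setdefault(st.internal, []).append(st.stamp)
    return hits


if __name__ == "__main__":
    # The complaint names TCP port 40211 on the public address.
    for host, stamps in find_internal_hosts(SAMPLE_LOG, "tcp", 40211).items():
        print(host, "seen at", ", ".join(stamps))
```

Because the states are only dumped once an hour, a connection that opens and closes between two snapshots never appears, so an empty result does not clear a host.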

How the Internet Works

How The Internet Really Works: A Hands-On Crash Course from Ethernet to HTTP using Wireshark

Whether you’re a hacker, IT pro, coder, or just curious, it helps to know exactly how the Internet works: you may understand the idea of connections, but do you understand all the protocols and steps that it takes to create and troubleshoot a connection?

Ever wondered what exactly happens between typing “google.com” into the address bar and seeing the webpage appear on your screen? Do you know what would happen if two computers had slightly different subnet masks, or how ARP spoofing works, or what exactly the Kaminsky DNS attack was, or what happens when you plug a switch back into itself?

This was presented at CactusCon 2014, and the slides / wireshark captures are available here: how-internet-works.zip (the slides are sparse; turn on notes to see what I said for each slide.) If you don’t have PowerPoint, you can download LibreOffice (free) or see the SlideShare.

Also note that this is a semester worth of Networking 101 presented in about an hour; this is enough to get you started Googling for topics of interest and hopefully a gut feeling for all the different things happening during a typical connection, but some bits are omitted– please do more research in order to get a complete understanding. Open Wireshark yourself and send out your own traffic; read books or tutorials, consider certification classes like Network+, Security+, or Cisco.

Finally, I’m happy to answer questions in the comments or on twitter @willbradley .

Full Notes

Just in case you can’t see the notes attached to the slides, here’s my full notes below:

On the practical side of starting a hackerspace

Many people have been asking me about starting hackerspaces/makerspaces lately. I’m going to use this post to aggregate their questions and my answers.

What do you think about doing a Kickstarter for seed money?

It’s possible, but “the HeatSync Way” is to find your people first. To do this kind of endeavor it seems like you need 5-15 “good people” who are prepared to stick around for at least a year of creating this business — as a hobby, with perhaps 2-5 hours per week commitment.

On Do-ocracy and Structureless Groups

This is a cached copy of a blog post from www.farmckon.net/2012/09/there-are-no-structureless-groups/… because I think this is a valuable thing to keep and share. I’m not the author.


There are no structureless groups

In the past, one of the orgs I founded was an attempt at structureless-ness. In some ways it worked out fine, but in several ways, internally especially, it was always tripping over itself. I burnt out and left for related reasons, but something about the situation has always rubbed me the wrong way.

Why didn’t structureless work? Being a bit of an anarchist, I was pretty sure when I started it, that the do-ocracy system would be better than something with more command and control. It’s only a few years later when reading this article on structurelessness that I realized how non-sense the conceit was to begin with.

TL;DR: Every human group has a structure, it’s inevitable. Specialization, interests, skills, or just I-get-along-with-her-better builds a structure. You can’t have a structureless group.

Best Linux Laptop? Dell XPS13 Developer Edition (“Sputnik”) Review

1-month update! See the bottom of the post.

6-month update! See the bottom again.

1-year update! Seriously, see the bottom.

2-year update at the bottom!

Finally, a 3-year update!

Criteria

As a programmer I needed a laptop that was powerful, lightweight, had a keyboard I liked, and ran Linux well (no driver issues especially with WiFi.)

The Dell caught my eye because it’s almost exactly on par, price and specs wise, with a Macbook Air. (The big difference being battery life: Apple is boasting 12 hour stats that nobody else can touch. But I don’t mind carrying around a charger.)

I considered the competitors: Lenovo X1 Carbon, ASUS Zenbook UX301, System76 Galago UltraPro, Chromebook, but either the keyboard layout or Linux compatibility seemed iffy; the Dell is the only one that comes with Linux out of the box aside from System76. It’s obvious that Dell has put significant work into making their laptop compatible with Ubuntu, so I figured I’d support that effort and try it out. The others may work just fine with Linux, or you may be alright with their keyboards/trackpads; up to you! I just can’t stand nub-mice, trackpads that require effort to click, mushy keyboards, layouts that omit function keys, or layouts that place navigation keys in weird places.

Ordering

Firstly, Dell’s website leaves a lot to be desired. The only way to find the XPS13 Developer Edition is to filter by OS and choose Linux; otherwise you’ll only be able to see the XPS13 with Windows. Way to make Linux feel like a second-class citizen!

When narrowing down my final ultrabook options a Dell chat representative popped up, so I asked some questions about the 21 day return policy. The rep’s answers were good enough to convince me to try the Dell out, but he quoted me a system with an Atheros AR9462 a/b/g/n Bluetooth 4.0 network card instead of the Intel® Dual Band Wireless-AC 7260 + Bluetooth 4.0 quoted on the website. He assured me that this was an upgrade, but in hindsight I think there’s a reason the Atheros was cheaper. There are many reports online of Dell Support exchanging defective Atheros cards for Intel cards.

Finally, the rep asked me for my credit card info via chat; which, according to my tests, was not encrypted via HTTPS. My warning bells rang all over the place; that can’t be acceptable business/security practice. Finally, my billing address is different than my shipping address, but the quote I received via email didn’t reflect this; I asked about it and the rep assured me my correct shipping address was entered correctly. The order also said it’d take two solid months to ship, but the rep assured me he’d expedite the order and I’d get it much sooner. He finally called me to complete the order (cell phones are more encrypted than HTTP, I guess) but the whole affair felt very shoddy, and my gut was telling me something would go wrong.

A few weeks later (hey, fast!) I got a Fedex tracking number and sure enough it had the destination of my billing address, not my shipping address. Great, so much for promises. Good thing I can forward stuff between addresses without too much pain. None of the rep’s other promised communications happened, just the chat, invoice, and tracking number. Oh well. All’s well that ends well I guess, except I can’t shake the feeling that I’d have been better off trusting my gut and ordering from the website instead of via a representative, and I can imagine some horror scenarios where everything didn’t turn out fine. Definitely go with the website instead.

Update: looks like I saved a few hundred dollars because the Dell rep ordered me an XPS without a touchscreen; so while all the options on the website are expensive models with touchscreens, mine isn’t. Can’t complain, I’m not big on the idea of touchscreen laptops anyway (especially in Linux.)

Update update: looks like I actually got sold the prior-year’s model for a few hundred bucks off. Shitty bait-and-switch, but then again I’m happy with the end result? QUIT PULLING MY HEARTSTRINGS, DELL.

Unboxing

I was worried at first because the shipping box was pretty beat up from its two trips, but the actual product box was unscratched and very sleek. Apple-inspired plastic wrapping around the laptop itself, fabric scratch-resistant sheets, recycled paperboard, etc.

How did HeatSync Labs Start?

I just got a message on the HeatSync Labs Facebook account asking about how we started; figured I’d post it here since it’s a common (and necessary) question:

 

What was the goal when Heatsync was still in its building phase?

To create a place that removes obstacles to people making things; to support a community of creators in Arizona and improve the area; to provide resources to the public, since many of us had just graduated from college and didn’t have those resources anymore.

Can you describe how the Workspace came to be? in terms of development, funding, spreading the word, and so on

First, the founders went around to other similar places to see what worked and what didn’t work about those locations; chatting with other founders and learning from them. Then they went around to local meetups to find others who might be interested in using such a space, or helping somehow. Finally we started meeting up in freely accessible areas before we grew to the point where we outstayed our welcome and needed our own dedicated space.

24-volt Relay Controlling 120 volts

 

I decided I wanted to make 120 volt AC things get switched on and off via a 24 volt DC signal — so I bought a nice 10amp, 240volt relay at the local Circuit Specialists electronic store and started wiring stuff up as best to code as I know how. (Every time I see this kind of project online, there’s nothing but comments about how the featured project is totally unsafe… with very little in the way of recommendations on what “acceptably safe” would look like. So please, if you comment, do so by providing reference to alternatives that you’d find acceptably safe.)

First, I figured out which contacts on the relay go to which terminals on the relay socket. A multimeter and 24vdc bench power supply helped a bunch with this.

The first major issue was that this wiring scheme required 120vac power line to be on the same side as the 24vdc signal line — I had hoped to keep them separated on opposite sides, but that’s not how the socket was wired.

 

 

Debunking Lies about ObamaCare

Someone shared with me an article from the Forbes blog The Apothecary (link here: http://is.gd/5rTNEa — not a direct link because I don’t want to support the guy’s PageRank) which claims “Obamacare Will Increase Health Spending By $7,450 For A Typical Family of Four.” There was some debate about whether it’s misleading or not, so I checked it out.

The headline is misleading; “over 8 years” is a significant detail they conveniently omitted to generate clicks. The article projects an increase of $700-900 per year “average health spending for a family of 4.” But that’s a lie too. Well not technically, but practically speaking they’re lying. Here’s what the lie looks like, using the same data the author sourced in the article:

Truth: National Health Spending will increase by $62 billion per year MORE under the ACA than otherwise; in 2012, National Health Spending will be $5 trillion instead of $4.94 trillion.
–>
Lie: “ObamaCare will boost health spending by ‘roughly $621 billion'” (Yeah, that’s OVER TEN YEARS; $62b per year when we’re currently at about ~$3 trillion is way less scary than “600 billion!!1”)

Troubleshooting PHP’s exec() or shell_exec() on Windows

So you’re trying to get some random program to work when you run exec() or shell_exec() via PHP in Windows; it works when you run it from the command line, but not when you run the same exact script via the web. Maybe it even returns an elusive 255 retval error code.

The first thing you should do is check file/folder permissions, and use utility commands like whoami, dir, and path to make sure things are sane. Also check if any settings (like cd, or set VARIABLE) are staying across multiple commands; usually they don’t, and you need to string them together && like && this or put them all in a batch file. But if all that doesn’t work, try this.

The last bit of environment to check when running something in Windows is, well, ALL THE ENVIRONMENT VARIABLES. There’s a lot of them. You can see them by running:
set
and likewise change them with:
set VARIABLE=value
In order to get my script working, I had to run set via the command line from the user I wanted it to run as (usually your WWW or Inet user) — after testing that the command actually worked from the command line, of course. Then I ran shell_exec(“set”) via the web and compared the outputs. There were a few missing or different environment variables, like HOMEPATH, TEMP, and APPDATA. Once I made them all match (a batch script helped for some reason) it worked like a charm.
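The comparison step above can be done mechanically. This is an added example, not code from the original post: it diffs two saved `set` dumps (one from the command line, one from shell_exec("set") via the web) and emits the batch lines needed to make the web environment match. The function names and both sample dumps are constructed for illustration.

```python
from typing import Dict, List

# Constructed sample: output of `set` run from the command line as the web user.
CLI_SET = r"""APPDATA=C:\Users\www\AppData\Roaming
HOMEPATH=\Users\www
Path=C:\Windows\system32;C:\Windows
TEMP=C:\Users\www\AppData\Local\Temp
"""

# Constructed sample: output of shell_exec("set") captured through the web server.
WEB_SET = r"""PATH=C:\Windows\system32;C:\Windows
TEMP=C:\Windows\TEMP
PHP_FCGI_MAX_REQUESTS=10000
"""


def parse_set_output(text: str) -> Dict[str, str]:
    """Parse `set` output into {NAME: value}. Windows variable names are
    case-insensitive, so names are upper-cased to make Path and PATH compare
    equal. Only the first '=' splits, because values may contain '='."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            continue  # blank line or not a NAME=value pair
        env[name.strip().upper()] = value
    return env


def compare_env(cli_text: str, web_text: str) -> Dict[str, List[str]]:
    """Report which variables the web environment lacks, has with a
    different value, or has in addition, relative to the command line."""
    cli, web = parse_set_output(cli_text), parse_set_output(web_text)
    return {
        "missing": sorted(n for n in cli if n not in web),
        "changed": sorted(n for n in cli if n in web and cli[n] != web[n]),
        "extra": sorted(n for n in web if n not in cli),
    }


def batch_lines(cli_text: str, web_text: str) -> List[str]:
    """Build the `set` lines for a batch file that brings the missing and
    changed variables in line with the command-line values. The quoted
    form keeps trailing spaces and '&' in values from being misread."""
    cli = parse_set_output(cli_text)
    diff = compare_env(cli_text, web_text)
    return [f'set "{n}={cli[n]}"' for n in sorted(diff["missing"] + diff["changed"])]


if __name__ == "__main__":
    print(compare_env(CLI_SET, WEB_SET))
    print("\n".join(batch_lines(CLI_SET, WEB_SET)))
```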

Fixing a Honda civic 2007 si audio jack

The heat killed the 3.5mm line-in port on my car, it wouldn’t sense the cord being plugged in and I had to pull it to one side to get it to work. Fortunately you can pull off the cover and pull out the plug from the front without tearing apart the whole dash. Then I soldered a wire between the sensor pins so it’s always “on” (and I just switch audio sources with the buttons on the nav screen.)

Rails Localization (i18n) tools

I’m tasked with localizing a huge Rails app, and it’s no fun, so I found some tools to help me and made a couple tools myself.

I now have a great script workflow that:

This workflow should take ten minutes aside from the part where you go through and add what the script missed. The Sublime plugins are especially helpful for reducing tedious <%= %> syntax.

On Meritocracy

Apparently the kerfuffle du jour is about meritocracy in the tech industry. I first stumbled across some tweets about “meritocracy” and then clicked back to an article written earlier today; I’m no expert on this debate but I did have one observation to make.

When I hear about meritocracy in the tech industry, or that a certain open source project is “meritocratic”, or that “the internet allows a pure meritocracy,” I think of a philosophy that is quite different from actual meritocracy as defined by pretty much every resource I can find.

Meritocracy in The Real World seems to revolve around evaluating the merit of a person. Someone with education, experience, intelligence. Power is given to meritorious people.

I don’t think this is what technologists are dreaming of when they talk about creating a meritocracy. After all, you don’t need the Internet to filter people by their credentials or merits. Western society is already stratified by education, and it’s been illegal to discriminate based on race or gender since before I was born. Traditional meritocracy is nothing new.

Workaround for PHP Error in Ubuntu 12.04: SoapClient(): SSL: crypto enabling timeout

So I spent ~20 hours of time isolating and working around an old, as-yet-unfixed openssl bug in Ubuntu 12.04. When using this code to connect to an HTTPS/SSL/TLS1.0 SOAP server:

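// Disable WSDL caching so every run fetches the WSDL over HTTPS
ini_set("soap.wsdl_cache_enabled", "0");
$objSoapClient = new SoapClient(
    'https://EXAMPLE.COM/EXAMPLEWSDLPATH',
    array(
        "encoding"           => "ISO-8859-1",
        "trace"              => 1,    // keep request/response for debugging
        "exceptions"         => 0,    // return SoapFault objects instead of throwing
        "connection_timeout" => 2000, // connection timeout, in seconds
    )
);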

You get the following errors:

Sniffing RS232 to Control an LED Sign with Arduino

Ever wanted to make a twitter sign? Of course you have. I do too, so I made one! My goal was to have minimal hardware so that the sign can easily be mounted anywhere, so I used a Linksprite WiFi DiamondBack Arduino to connect wirelessly to the Internet and control the sign.

But first, how to get the Arduino talking to the sign? The sign communicates with a standard serial cable (DE-9 RS232) which the Arduino SoftwareSerial library can talk to pretty easily. What data does it need, though? Sending straight ASCII characters to it didn’t do anything, so some digging was necessary.

IP Camera Proxy in PHP and HTML

Got an IP webcam but need to show it on your website? Cheap cameras frequently have crappy interfaces or login requirements. Using CURL and PHP, you can work around a number of issues while also hiding the username/password/port your webcam is actually on.

With a bit more work, you could even cache responses to provide better performance. This is next on my todo list, but contributions are welcome. Check out the Github repository for downloads and additional files!

Also see my img2mpg code and quick n dirty signage for other related scripts.

On Passwords

So you might have heard about the LinkedIn password hack the other day. Maybe you’ve changed your password, anywhere that your LinkedIn password was used! Good. Us admins still have to worry, though. Here’s why:

The vast, vast majority of passwords especially for social media will be 6-8 characters. If you read the news, you’ll see them claiming 60% of the 6 million passwords dumped have been cracked already, just a few days later. What does that mean for our security and choosing good passwords?

Well, by comparison, I would guess that any 9-character password that’s been cracked at this point is likely using common English words with low complexity. Why would I make a distinction between 8-character and 9-character passwords?

Because of the math. Assuming everyone had a totally-random password of uppercase, lowercase, and a number, being cracked at a pretty-normal rate of 1.4 million guesses per second, you get:

How to shut down a Windows server hung due to frozen VSS writers

Shadow copies and VSS writers are pains in the ass. Sometimes you’ll try to shut down Windows and it’ll freeze for hours stuck at the “Windows is shutting down” screen because it can’t shut down the VSS shadow copy providers, which are also hung.

To get around this, I’ll usually shut down those servers with the ‘shutdown /p /f’ command. This force option seems to do the job nicely.

Shift Register LED Matrix Kit!

Hot on the heels of my Arduino Nagios Display, I’ve made a kit version of the LED matrix that is much easier to assemble! It’s daisy-chainable, so you only need however many rows you want. Perfect for workshops where you want to introduce someone to shift registers and LED matrixes but don’t want to buy 80 LEDs per student, while letting them take home something useful yet expandable.

Log your Logins – My favorite script ever

Reviewing my system, I realized one script I take advantage of the most is a logging script I made years ago to track logins.

I mainly use it to see who is using which computer, saving on guesswork and coming in very handy when troubleshooting weird problems. It also comes in handy when tracking down an asset or debugging login issues (i.e. if there’s no connection during login, it won’t write to the logfile.)

So here you go, in all its VBScript glory: https://gist.github.com/zyphlar/1793697

How Do I Grant Least Privilege? Or, Help! I Think Someone Needs Admin Rights!

You may realize that giving out admin rights (i.e. adding someone to the Administrators group) is a bad thing. But your boss and/or favorite employee might be demanding that they need them in order to do their job. You feel stuck. What do you do?

First, you need to learn something: the Administrators group isn’t magic. The only reason it can do all the things it can do is because when Windows gets installed, it creates a group called Administrators and grants it a lot of permissions on files, folders, registry, and Local Security Policy entries.

Why Should Users Not Have Admin Rights?

I recently waded into a debate about whether people in an organization should be given local administrator access to their machines.

Now firstly, this violates the principle of least privilege, which is what all of security is based on. You don’t get it unless you need it; you get the minimal privilege necessary to do your job. Imagine if cashiers could withdraw from the company account, if untrained boot camp grads were given missile launch keys, and if spies told their families everything. Security doesn’t work that way.

Still, it got debated, and someone finally asked what specific dangers they were putting their network in by giving certain people local admin rights.

It’s not a simple question, but I’ve come up with some examples.

Nagios Notification Customizations

Getting notified by SMS is better than via email, I think, because then you can tell the difference between midnight spam and a server fire. Here’s my command for sending a shortened message (to #yournumber#@YourCarrierSMSGateway.com)

Add these to your commands.cfg and then change your contact settings (usually contacts_nagios2.cfg) to use the appropriate command.