I became a self employed system administrator in 2011 and (touch wood) my freelance infrastructure business has been going fairly well so far. I thought it was about time I built a marketing website for my business, and I wanted to create a simple, professional-looking site without having to spend too much time building it.
It was very easy to modify the template and build the simple marketing website I wanted. The end result isn’t the most advanced design ever created, and it’s instantly recognisable as a Bootstrap site to anyone else who’s used it, but that’s OK. I’m just trying to market my business, not win design awards. I’d certainly recommend Initializr to anyone else who understands HTML and CSS and wants to get a decent site up and running as quickly as possible.
The end result can be seen at mattbrock.co.uk.
(If you’re interested in hiring me for sysadmin consultancy work, just email me.)
If you ever find yourself wanting to extract the contact photos from vCard/VCF files then this may be the script for you. I know that this works on a vCard export of multiple contacts from the Contacts app in OS X Mountain Lion. It’s possible you might have to tweak it a bit for vCard files from other sources. Read the rest of this entry »
Sometimes it’s desirable to have a continuously updating display of the IP addresses which are hitting a web server, with an indication of how many times each IP address has made a request. This may be because you suspect a DoS or DDoS attack, or there may appear to be some other odd activity, or you may simply be curious. If a web server is sitting directly on the Internet then it’s possible to do this fairly easily with a tool such as netstat. Often, however, a web server is behind an ELB or another type of load balancer, which means that if you try to use netstat then you’ll just see the load balancer’s IP address, not the address of the client which made the request. But if your load balancer is passing the X-Forwarded-For header (as it really ought to be) then you can use this header instead of the client IP to get a continuously updating display. Read the rest of this entry »
I make extensive use of the Reminders app in Mountain Lion* to keep track of tasks and to-do items, and I wanted a way to export a list of reminders to plaintext, so I knocked up a quick Python script to take an ICS file exported from a List in Reminders (which you can do from the File menu) and output it in plaintext. Read the rest of this entry »
Up until recently I was using Heartbeat to create two-node Linux clusters with floating IPs, but now Heartbeat is no longer being developed I needed to figure out how to use Corosync and Pacemaker for this instead. Unfortunately this is quite a lot more in-depth than the simple configuration that was required for Heartbeat. Anyway, based on my recent experiences, here’s a quick guide for if you find yourself in a similar situation. This works for me on CentOS 6. Whether it works on CentOS 5 and/or other Linux distributions I don’t currently know as I haven’t tried it.
Read the rest of this entry »
All I wanted you to do was move my number from my old flat to my new flat and give me a SIM in time for me to pass it to my broadband provider so that I didn’t have any loss in broadband service during my move. What followed was weeks of diabolical communication and total and utter incompetence, leading to an enormous amount of stress, hassle and wasted time both for me and for my broadband provider.
As soon as possible I will be getting an alternative broadband solution which doesn’t require a BT line so that I don’t have to use BT ever again. You’re a truly awful company, I don’t ever want to have to deal with you again either for personal or professional use, and I’ve been making sure all my colleagues, friends and family know how utterly useless and incompetent you are.
Mountain Lion is an improvement on Lion, which I had mixed feelings about when it was released. Unfortunately, however, Apple seems to have decided that RSS is a dead technology, and consequently the handy RSS screensavers have been removed, which means there’s no simple way of creating a screensaver out of one’s Flickr favourites.
Having come up with an effective solution for how to get Flickr favourites as a screensaver in Mountain Lion, I thought I’d share the method for the benefit of those who are not so used to fiddling with the deeper technological aspects of their Mac. I’ve gone into quite a lot of detail for those who are less technically-minded, but those of a more technical bent can just skip ahead accordingly.
Read the rest of this entry »
A client arranged penetration testing in order to achieve PCI compliance and it was found that not all cookies contained the HttpOnly flag, which is an automatic fail because apparently you are more vulnerable to XSS attacks if you don’t set your cookies to use HttpOnly.
This problem turned out to be caused by the HAProxy load balancer not adding HttpOnly to its persistence (sticky session) cookies, so I checked the HAProxy manual and did some googling, but I couldn’t find any way of making HAProxy’s persistence cookies add the HttpOnly flag.
The HAProxy website says “if you want to suggest a useful feature, please discuss it on the mailing list” so I’ve tried to do just that but have not had any response yet. In the meantime, I’ve modified the code myself so that the HttpOnly flag is added to all persistence cookies. For version 1.4.21 of HAProxy, patching src/proto_http.c with the following will add my modification to achieve this:
> len += sprintf(trash+len, "; HttpOnly");
Hopefully this is something the HAProxy developers will add permanently as an option, otherwise it’s quite awkward for HAProxy users needing to pass compliance tests whilst using persistence cookies.
Edit: Willy, the developer of HAProxy, has replied on the mailing list to indicate that he’ll be adding an ‘httponly’ option to the ‘cookie’ parameter in version 1.5 of HAProxy, so that’s great news. In the meantime, my little hack above can be used for those needing HttpOnly on version 1.4.
Edit: This has now been added as an option in version 1.4.22 of HAProxy.