Made by Mikal – Page 9

Minor questions in Linux file semantics

Post author:mikal
Post published:March 23, 2023
Post category:Linux

I’ve known for a long time that if you delete a file on Unix / Linux but that file is open somewhere, the blocks used by the file aren’t freed until that user closes the file (or is terminated), but I was left wondering about some other edge cases.

Shaken Fist has a distributed blob store. It also has a cache of images that virtual machines are using. If the blob store and the image cache are on the same filesystem, sometimes the image cache entry can be a hard link to an entry in the blob store (for example, if the entry in the blob store doesn’t need to be transcoded before use by the virtual machine). However, if they are on different file systems, I instead use a symbolic link.

This raises questions — what happens if you rename a file which is open for writing in a program? What happens if you change a symbolic link to point somewhere else while it is open? I suspect in both cases the right thing happens, but I decided I should test these theories out.

(more…)

Malware Analyst’s Cookbook and DVD

Post author:mikal
Post published:March 19, 2023
Post category:Book

Another technical book, this time because my employer lets me buy random technical books as long as I pinky swear to read them and this one sounded interesting and got good reviews. First off, the book is a bit dated given its from 2011 -- there are lots of references to Ubuntu 10.10 for example and they say to avoid Python 3, which has its historical charm. This is unfortunate given the first section of the book talks about setting up honeypots to collect malware to examine, but Dionaea for example had its last commit in 2021. I am left wondering if there are more modern honey pot systems that people use these days. Secondly the book is definitely a cookbook and that's on me for not noticing this about the book before buying it -- its a series of recipes / scripts that do interesting things with malware. That said, it isn't really teaching a cohesive set of skills, its more of a series of stepping stones along the path you might follow. I think that's an unintended piece of important learning -- books with "cookbook" or "recipes" in their title probably aren't very good as an overview of…

The BeyondCorp papers

Post author:mikal
Post published:March 15, 2023
Post category:Security Zero Trust

Google’s BeyondCorp effort would probably be what we would now call Zero Trust, although I am surprised by how little name recognition BeyondCorp has when I talk to security people about Zero Trust. Perhaps there are subtle differences between the two, but if there are they aren’t obvious to me. I find myself reading the relevant Usenix papers for BeyondCorp, so I figure I’ll post a summary of what I got from each paper here.

The earliest of these papers are quite old now (2014), especially for something the rest of the industry is only starting to talk a lot about at the moment. I wonder if there is a viable business model in watching what papers megacorps like Google publish, and the implementing them as commercialized products before the rest of the market catches on?

Either way, here’s a summary of the various papers from the perspective of an interested bystander…

(more…)

Cisco CyberOps Associate: Official Cert Guide

Post author:mikal
Post published:February 27, 2023
Post category:Book Security

I don't think I've really reviewed a technical book here before, but I read the thing so I guess I should. This book is the certification guide for a "Cisco CyberOps Associate" certification, which is what they now call the CCNA Security qualification. Its a relatively junior certification, qualifying you to be a level one operator in a Security Operations Centre (SOC). I read this book because I took a Cisco NetAcad course for the associated certification in the second half of 2022 (although it has continued to be a thing I plug away at in 2023). That was mainly motivated by a desire to more about a field that is clearly important, but hasn't been core to my personal career. This book is reasonably well written and readable -- I'd read a chapter in the evening after work and its wasn't a huge chore to churn though. I certainly learned things along the way, even if the certification seems to suffer from a desire to have everyone rote learn a lot of acronyms, which seems like a common ailment in the industry (AWS Certified Cloud Practitioner, I'm looking at you). My main critism is of the qualification itself, which…

Exploring more efficient remote large file storage

Post author:mikal
Post published:February 16, 2023
Post category:Shaken Fist

My primary personal project is a thing called Shaken Fist these days — it is an infrastructure as a service cloud akin to OpenStack Compute, but smaller and simpler. Shaken Fist doesn’t have an equivalent to the OpenStack Image service, instead letting your describe your instance images by a standard URL. One of the things Shaken Fist does to be easier to use is it maintains an official repository of common images, which allows users to refer to those images with a shorthand syntax instead of a complete URL. The images also contain small customizations (mainly including the Shaken Fist in-guest agent), which means I can’t just use the official upstream cloud images like OpenStack does.

The images were stored at DreamHost until this week, when a robot decided that they looked like offline backups, despite being served to the Internet via HTTP and being used regularly (although admittedly not frequently). DreamHost unilaterally decided to delete the web site, so now I am looking for new image hosting services, and thinking about better ways to build an image store.

(Oh, and recommending to anyone who asks that they consider using someone less capricious than DreamHost for their hosting needs).

(more…)

This is going to hurt

Post author:mikal
Post published:February 13, 2023
Post category:Book

This book is lots of things: honest, funny, and ultimately heart breaking. I don't remember how I came across it, but its a good read for when travelling as the diary format means you can put it down whenever you need to do something else. I'm left wondering how the Australian medical system compares to the NHS -- I know we have more patient choice and flexibility -- but I wonder what its like for those working within the system. Either way I definitely recommend this book.

Ansible 7.0 onwards requires blocking IO from stdin, stdout, and stderr

Post author:mikal
Post published:November 24, 2022
Post category:Ansible

Shaken Fist CI started failing this afternoon with this message logged: ERROR: Ansible requires blocking IO on stdin/stdout/stderr. Non-blocking file handles detected: <stdout> Specifically this was happening when using ansible-galaxy to install some requirements, but the check is a more generic check than that was implemented by this ansible pull request, which appears to have been released with ansible-core 2.14 on November 8. That sat around until today, when ansible 7.0.0 was released and broke CI for me. To be completely honest I'm not sure what's happening here -- somewhere in GitHub actions calling a shell script that calls ansible-galaxy the stdout file descriptor gets set to non-blocking and everything breaks. I'm unsure exactly where because its a pain to track down. That said, Jack came to the rescue with this gem: ansible-galaxy install andrewrothstein.etcd-cluster | cat - Which unblocks me. It will be interesting to see if other people encounter problems with this change.

Unix: a history and a memoir

Post author:mikal
Post published:November 21, 2022
Post category:Book

It was a bit surprising to me that Brian Kernighan self-published a book about Unix history with Kindle Direct publishing, but given how many other books he's published he must have his reasons for not using traditional channels for this one. The book is an engaging read, with quotes which still seem timely today popping up every so often. Certainly the decision to self-publish does not appear to have been because of a lack of effort put into the book. An example of a quote I think is still relevant today: "Stable funding was a crucial factor for research. It meant that AT&T could take a long-term view and Bell Labs researchers had the freedom to explore areas that might not have a near-term payoff and perhaps never would. That's a contrast with today's world, in which planning often seems to look ahead only a few months, and much effort is spent on speculating on financial results for the next quarter." (page 7). Kernighan covers his own early career and the general functioning of Bell Labs, before starting to delve into the history of Unix. Describing at a high level early batch processing systems and then Multics, Kernighan describes how…

The Kaiju Preservation Society

Post author:mikal
Post published:October 29, 2022
Post category:Book

This is a classic Scalzi book -- novel, fun, a little bit funny, and in sync with the time it was created in. A story set around a product manager laid off during the pandemic, and then presented with an... unusal employment option, the book moves quickly and in a way which keeps you engaged. Yet another Scalzi book I really enjoyed.

The Three-Body Problem

Post author:mikal
Post published:September 24, 2022
Post category:Book

I'm torn about this book -- the premise is interesting, the world is novel, and the book is well written. The book has a strong environmental theme, with a focus on the environmental impact of Chinese economic development during Mao's cultural revolution. However, despite all that the book didn't "grab" me. I think perhaps its because there is a lot of effort spent describing things which ultimately don't really matter -- like weather or not the desktop PC being used by one of the characters is the current model or not. Or perhaps its because I didn't actually like any of the characters -- none of them is what I would call a nice person. Or perhaps this is an artifact of the book having been translated from Chinese, and perhaps different stylisting expectations or some such? Either way, I don't think I'll finish this trilogy.