Many moons ago a colleague related a story to me that went something like this:
SysEngGuy: I asked DeveloperGuy why we should switch to git
Me: Cool, what was his answer?
SysEngGuy: He said it was better, but when I asked him why he just kept saying "because it's better"
Me: But why is it better?
SysEngGuy: Exactly, why would I be compelled to move to something else "just because."
Even if git is super awesome ( which I now know it is ) you can't expect people to switch over unless you sell them on the idea. Especially when you're dealing with a SysEngGuy that is deeply entrenched in whatever happens to be the "current" way of doing things.
I'm starting a series of posts answering the question of "why is git better?" My goal here is to both answer the question, and hopefully in doing so, solidify my understanding of git in general.
Solving complex problems with speed that creates delightful experiences in the world of cloud automation. Helping you get more out of your cloud.
Wednesday, March 28, 2012
Tuesday, March 27, 2012
Groovy little script to bootstrap a chef server
This is a groovy little script I wrote to bootstrap a chef-server using a HPCloud node.
#!/bin/bash
##
# Install everything required to get chef-server up
TARGET_IPADDR="15.185.181.148"
SSH_KEY_FILE="/home/krogebry/.ssh/keys/KSONSoftware.pem"

## Fix that idiotic byobu garbage
ssh -i ${SSH_KEY_FILE} ubuntu@${TARGET_IPADDR} 'byobu-disable'

## Fix the ssh behavior so the box is actually usable
ssh -i ${SSH_KEY_FILE} ubuntu@${TARGET_IPADDR} 'sudo cp /home/ubuntu/.ssh/authorized_keys /root/.ssh/'

## Fix that idiotic byobu garbage ( this time for root )
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'byobu-disable'

## Install some packages
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'apt-get update -y'
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'apt-get install -y libgecode-dev g++ make libyaml-dev libssl-dev'
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'apt-get install -y ruby1.9.1 rubygems1.8'

## Fixing ruby
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'update-alternatives --set ruby /usr/bin/ruby1.9.1'

## Update gems
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'gem update'

## Install chef server
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'gem install chef-server json'

## Configure chef
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'mkdir /etc/chef ; ln -s /var/lib/gems/1.8/ /var/lib/gems/1.9.1 ; mkdir /root/.chef'

## Send up some chef-solo bootstrapping bits
scp -i ${SSH_KEY_FILE} files/server/solo.rb root@${TARGET_IPADDR}:/etc/chef
scp -i ${SSH_KEY_FILE} files/server/chef.json root@${TARGET_IPADDR}:/root/
scp -i ${SSH_KEY_FILE} files/server/chef.init root@${TARGET_IPADDR}:/etc/init.d/chef-server
scp -i ${SSH_KEY_FILE} files/server/chef-expander.init root@${TARGET_IPADDR}:/etc/init.d/chef-expander
scp -i ${SSH_KEY_FILE} files/server/chef-solr.init root@${TARGET_IPADDR}:/etc/init.d/chef-solr
scp -i ${SSH_KEY_FILE} files/server/knife.rb root@${TARGET_IPADDR}:/root/.chef/

## Bootstrap chef-server
ssh -i ${SSH_KEY_FILE} root@${TARGET_IPADDR} 'chef-solo -c /etc/chef/solo.rb -j ~/chef.json -r http://s3.amazonaws.com/chef-solo/bootstrap-latest.tar.gz'
Friday, October 28, 2011
A coworker of mine was asking me one of his favorite interview questions. It basically goes like this:
"Write me something that will change any file ending in .html to .htm"
Okay, simple enough, I write out a quick bash loop and hand it to him, then he says:
"Okay, now let's say the directory has spaces in the name"
A bash for loop over the output of a command substitution splits it into words on whitespace, so something like this would break:
for file in `find ./ -name *.html`
do
mv $file $newfile
done
If you had a directory named "my directory" you'd have an entry for "my" and an entry for "directory/blah.html" which wouldn't work.
The solution is to do some "while reading this line" bullshit in bash, but my solution was much more elegant, throw away bash and use ruby:
irb(main):001:0> Dir.glob("**/*.html").each do |fileName| system( "mv \"%s\" \"%s\"" % [fileName,fileName.gsub( /\.(html)$/,".htm" )] ) end
This question is designed to see if you can think around complicated scenarios. However, in the wild I'd never trust bash to do the right thing.
Bash is dumb, ruby is elegant perfection. I guess I would have failed that interview question. ;)
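The one-liner above hands each name to a shell through system(), so a name containing a double quote, a backtick or $( ) gets parsed by that shell instead of simply being moved. As an added example (not from the original post; the function names and the sample tree are made up here), the same rename done with File.rename, which never starts a shell:

```ruby
require "tmpdir"
require "fileutils"

# Rename every *.html file under root to *.htm without involving a shell.
# Returns the [old, new] path pairs that were actually renamed.
def rename_html_to_htm(root)
  renamed = []
  # base: keeps root itself out of the glob pattern, so odd characters in
  # the root path are never treated as wildcards.
  Dir.glob("**/*.html", base: root).sort.each do |rel|
    old_path = File.join(root, rel)
    next unless File.file?(old_path)              # ignore directories named *.html
    new_path = old_path.sub(/\.html\z/, ".htm")   # \z = true end of string
    if File.exist?(new_path)                      # never clobber an existing file
      warn "skipping #{old_path}: #{new_path} already exists"
      next
    end
    File.rename(old_path, new_path)               # direct rename, nothing is parsed
    renamed << [old_path, new_path]
  end
  renamed
end

# Constructed sample tree: names that break word splitting or shell quoting.
def build_sample_tree(root)
  names = ["my directory/blah.html", "plain.html", "quote\"d.html",
           "$(touch INJECTED).html", "keep.txt"]
  names.each do |rel|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, "")
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_tree(root)
    rename_html_to_htm(root).each { |old, new| puts "#{old} -> #{new}" }
  end
end
```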
Tuesday, October 25, 2011
Chef is fun.
I'm currently using chef to manage 91 nodes, and find it to be a fantastic tool. I especially like to combine knife commands with shell stuff for something like this:
for node in `knife search node "chef_environment:prod" | grep "Node Name" | awk '{print $3}'`; do echo -ne "${node}\t"; knife node show "$node" -a ec2.instance_type; done | awk '{print $1 "\t" $3}'
Which gives me a list of nodes in production along with their ec2 instance type. It's handy for generating simple reports, and getting an idea for how many instances of each type we have running in any given environment.
Monday, April 18, 2011
Marriage is tough
Five Finger Death Punch sums up my feelings on the current state of things quite nicely:
"I'd rather hate you for who you are than love someone you're not"
In other words, I'd rather have all the bad than one second of something that you're not.
I love you Kira, and you're worth it. ;)
Saturday, February 5, 2011
The house hacking analogy
...and why I dislike it.
First off, the obvious point that a house is clearly nothing like a computer, or a network. People love to use this analogy when talking about security. The conversation usually goes something like this:
Me: "I think that pointing out security flaws does not equate to an immoral act. In other words: if my intent is purely non-destructive, how can it be considered wrong?"
Them: "It's wrong in the same way that breaking into a house is wrong."
Clearly this person is invoking the social contract regarding the expectation of security. This contract states that if you break into my house, or otherwise violate the physical security of this domicile, you will be sanctioned based on the nature of your entry and your subsequent crimes that result from an unauthorized entry.
The parallel here is that the physical security of my house is like the physical security of a network or computer system. If it's wrong to break into my house, then it's wrong to break into my computer as well.
I don't think this holds up like people think. First off, as far as a house goes, the borders and boundaries are clearly laid out. With computers and networks, not so much. The obvious scenario is a hacker gaining clearly unauthorized access to the system. In this case it's clear that no matter what this person does, they're doing it illegally. Gaining access to a network that you know you aren't supposed to be on is clearly wrong.
My differentiation here is that it's not illegal or immoral to find the flaw. The act of proving it ( in most cases ) is the same as exploiting it which makes this a bit of a semantic argument.
However, there are cases when exploiting by proving is worth less than the knowledge gained by knowing about the problem. For example, if we go back to the analogy of the house, we could imagine calling the owner of the house to let them know that their front door was open ( and you knew it was open since you were standing inside the house ) and that perhaps the owner should do something about this before someone robs them blind. One might be inclined to think that the owner of the house would greatly appreciate this person pointing this out, perhaps even paying this person to shut the door for them.
The person that entered the house was in breach of the social contract. They violated the expectation of security, however, they did it because the door was open, literally. I propose that the immorality of violating this social contract is grossly outweighed by the person doing the right thing, and clearly having no intentions of doing anything but.
The same is not what we see in the computer world. Unfortunately the world I live in is far more apathetic than this. I usually hear people suggest that "it's not your problem to point out" as if to suggest that I should just shrug it off and just say "it is what it is." Apathy pisses me off greatly.
The problem here is that this isn't just a house, it's more like a warehouse full of boxes of your information. I am a professional in the Information Systems profession, and as such it is my duty as a professional to point out the potential problems of any network or system I come across. I see this as my charge, my duty as a professional. I guess in some corny way I see myself as some kind of IS samurai. Everything I do is focused on a more complete mastery of my craft. Ignoring a problem with someone else's network ( read: YO MORON, YOUR DOOR IS OPEN ) is something I will not do just like I wouldn't ignore someone breaking into your house.
Breaking into a house hurts that family and the people closely attached to that family, even neighbors. Someone breaking into a warehouse hurts everyone who had information stored there, their families, and everyone connected to them. I can't help thinking that my expectation of security for my home would extend to the warehouse. However, this is rarely ever the case. The unfortunate reality is that people are so busy beating people like me over the head with their own stupidity that now we just don't give a fuck. I know for damn sure that the next time I find a security hole I'm not going to point it out, then laugh while people get fucked from the fallout.
Friday, December 24, 2010
A better version of Silent Night
TWAS THE NIGHT BEFORE CHRISTMAS, HE LIVED ALL ALONE,
IN A ONE BEDROOM HOUSE MADE OF PLASTER AND STONE.
I HAD COME DOWN THE CHIMNEY WITH PRESENTS TO GIVE,
AND TO SEE JUST WHO IN THIS HOME DID LIVE.
I LOOKED ALL ABOUT, A STRANGE SIGHT I DID SEE,
NO TINSEL, NO PRESENTS, NOT EVEN A TREE.
NO STOCKING BY MANTLE, JUST BOOTS FILLED WITH SAND,
ON THE WALL HUNG PICTURES OF FAR DISTANT LANDS.
WITH MEDALS AND BADGES, AWARDS OF ALL KINDS,
A SOBER THOUGHT CAME THROUGH MY MIND.
FOR THIS HOUSE WAS DIFFERENT, IT WAS DARK AND DREARY,
I FOUND THE HOME OF A SOLDIER, ONCE I COULD SEE CLEARLY.
THE SOLDIER LAY SLEEPING, SILENT, ALONE,
CURLED UP ON THE FLOOR IN THIS ONE BEDROOM HOME.
THE FACE WAS SO GENTLE, THE ROOM IN SUCH DISORDER,
NOT HOW I PICTURED A UNITED STATES SOLDIER.
WAS THIS THE HERO OF WHOM I’D JUST READ?
CURLED UP ON A PONCHO, THE FLOOR FOR A BED?
I REALIZED THE FAMILIES THAT I SAW THIS NIGHT,
OWED THEIR LIVES TO THESE SOLDIERS WHO WERE WILLING TO FIGHT.
SOON ROUND THE WORLD, THE CHILDREN WOULD PLAY,
AND GROWNUPS WOULD CELEBRATE A BRIGHT CHRISTMAS DAY.
THEY ALL ENJOYED FREEDOM EACH MONTH OF THE YEAR,
BECAUSE OF THE SOLDIERS, LIKE THE ONE LYING HERE.
I COULDN’T HELP WONDER HOW MANY LAY ALONE,
ON A COLD CHRISTMAS EVE IN A LAND FAR FROM HOME.
THE VERY THOUGHT BROUGHT A TEAR TO MY EYE,
I DROPPED TO MY KNEES AND STARTED TO CRY;
THE SOLDIER AWAKENED AND I HEARD A ROUGH VOICE,
“SANTA DON’T CRY, THIS LIFE IS MY CHOICE;
I FIGHT FOR FREEDOM, I DON’T ASK FOR MORE,
MY LIFE IS MY GOD, MY COUNTRY, MY CORPS.”
THE SOLDIER ROLLED OVER AND DRIFTED TO SLEEP,
I COULDN’T CONTROL IT, I CONTINUED TO WEEP.
I KEPT WATCH FOR HOURS, SO SILENT AND STILL
AND WE BOTH SHIVERED FROM THE COLD NIGHT’S CHILL.
I DIDN’T WANT TO LEAVE ON THAT COLD, DARK, NIGHT,
THIS GUARDIAN OF HONOR SO WILLING TO FIGHT.
THEN THE SOLDIER ROLLED OVER, WITH A VOICE SOFT AND PURE,
WHISPERED, “CARRY ON SANTA, IT’S CHRISTMAS DAY, ALL IS SECURE.”
ONE LOOK AT MY WATCH, AND I KNEW HE WAS RIGHT.
“MERRY CHRISTMAS MY FRIEND, AND TO ALL A GOOD NIGHT.”