Infinite Disorder

When having MATE and Unity both installed, a conflict can occur with the notifications daemon. The MATE daemon will prevent the unity daemon from starting.

The main indicator of this problem (when logged into Unity):
pgrep notify-osd returns no process ID
volume OSD (on screen display) doesn’t work
add-ons like notifyosdconf do nothing
OSD theme doesn’t match unity theme

The quick fix:
sudo apt-get remove mate-notification-daemon
pkill notify-osd

Test:
notify-send test

Tested on ubuntu 12.04 mate, this was amazingly easy once I figured it out.

Browse to your webapp in chrome, like https://www.evernote.com/
More Tools -> Add to desktop (check box for open as window)
Go to your webapps dashboard chrome://apps/
Right click on the evernote icon and “create shortcuts”. Check box for “Application Menu”

Go to your panel and rightclick -> add-to-panel -> application launcher
Search for your webapp (in this case evernote).

If your launcher didn’t get a proper icon, download one from the web and put it in a permanent location (Dropbox/icons).
Right click on the launcher -> properties -> click on icon -> select new icon.

Done and Done

Apache Site:

<IfModule mod_ssl.c>
    <VirtualHost _default_:8443>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/ssl/ssls-com-wildcard-2015.crt
        SSLCertificateKeyFile /etc/ssl/ssls-com-wildcard-2015.key

        ProxyRequests Off
        <Location />
        ProxyPass http://127.0.0.1:9200/
        ProxyPassReverse http://127.0.0.1:9200/
        AuthType Basic
        AuthName "KOPF Web Site: Login with hf-it-ops email address"
        AuthUserFile "/etc/nginx/htpasswd.users"
        Require valid-user
        RewriteEngine on
        RewriteRule ^/.+/(.*) http://127.0.0.1:9200/$1 [P]
        </Location>
    </VirtualHost>
</IfModule>

Setup iptables:
iptables -A INPUT -p tcp --dport 9200 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j REJECT

Save iptables:
sudo apt-get install iptables-persistent
sudo iptables-save
sudo service iptables-persistent start
sudo update-rc.d iptables-persistent enable

Since I use AWS at work, I wanted to try something else for my personal workstation (this is basically a tmux jumpbox for me).

Security: winner: neither?
The nice thing about both of these services is that they are very simple to use. Compared to EC2, they are lacking many features, the biggest surprise for me was the lack of network based security groups. Alternately, you can use a host-based firewall but good luck with any DOS attack. Another lacking feature is the ability to NOT have a public IP (at least this was lacking out of the box…I bet you can just ifdown that interface). Security seems to be an afterthought for these services, it’s important to at least switch from password to SSH keys, remove root login and add a firewall. Suggestions from digital ocean are pretty good: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

Pricing: winner: digital ocean if you want a $5 instance
Very similar, the main difference is that Digital Ocean has a $5/month instance for 512mb/20gb/1core. Both offer 1gb/30gb/1core for $10/month. Both use SSDs (yes!).

Instance Creation: winner: digital ocean
Digital Ocean uses a wizard style startup, so it was obvious what to do. Linode was not a wizard, but it was pretty easy to guess where to go next. Creating an instance and then loading an OS is a two-step process on linode, instead of one.

Capabilities: winner: not sure
It seems like linode has a few more features (more OS support). I didn’t investigate this too much. Both offer console access if you get locked out, although the linode console didn’t work for me.

Network Copy Speeds: winner: digital ocean
This was important to me, as I often shuffle things from place to place with SCP.
Speeds in Megabits-
DigitalOcean:400mb UP :400mb DOWN
Linode:120mb UP: 320mb DOWN

GUI: winner: digital ocean
Digital Ocean won this hands down for beauty factor and simplicity.

Update: I started getting seg faults with apt-get and noticed I was out of memory. It’s an easy fix to add some swap https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04 .
Disclaimer: I am not paid or affiliated with either of these companies.

Amazon says that drive encryption in Opsworks is on the roadmap. In the meantime they suggest creating a drive in EC2, adding it to resources, then mapping it to an instance.

For my automation, I much prefer to have an AMI with an encrypted volume attached:

1. created instance in opsworks, no application recipes
2. cleaned out opsworks data from instance http://docs.aws.amazon.com/opsworks/latest/userguide/workinginstances-custom-ami.html
3. created encrypted volume, mounted it elsewhere, created ext3 filesystem
4. added mount command to /etc/rc.local (mount /dev/xvdh /storage/)
5. shutdown opsworks instance via opsworks
6. created snapshot of 100gb volume
7. attached volume to instance and specify snapshot (snap-6ed57648)
8. created ami “encrypted-disks-ubu1204-4”
9. created new instance in scout layer and another new instance in a blank layer, both using new AMI
10. verified applicable volumes are encrypted
11. started instance in opsworks

Note: don’t forget, you can’t share encrypted volumes with other accounts, the encryption key is only accessible from your account.

Kibana4 has some great new features but doesn’t include a startup script.

Here is my contribution, a simple startup script, tested on debian 7.

https://github.com/akabdog/scripts/blob/master/kibana4_init

Because most of the sites discussing this are filled with broken links or mis-information, I decided to add my procedure here. You can download all the files in one zip from here:
http://the408.com/downloads/infiniteDisorder_NDS.zip
1. Grab a micro SD card and format it FAT.
2. Extract the file G6&M3DS-R_M74.zip, it will be a folder called SYSTEM. Copy this to the root directory of the SD card.
3. Extract the file F_CORE_v4.2.0.zip, it will be a file called F_CORE.DAT. Copy this to the root directory of the SD card.
4. Extract the file 3GUpdaterPlus_450HW.zip, it will be a file called 3GUpdaterPlus_450HW.nds. Copy this to the root directory of the SD card.
5. Plug the SD card into your m3i and plug your m3i into your computer by matching up the arrows on the plastic. Once the light stops blinking, its done.
6. Insert the m3i into your NDS, you should be able to boot the m3i and start the NDS emulator, then select 3GUpdaterPlus_450HW.nds to apply the update.
7. Now you can download and extract F_CORE_v4.5.0.zip, replace the existing F_CORE.DAT file and plug the m3i into your computer again, once it stops blinking, everything is up to date.
8. Plug the SD card into you computer one last time, create folders of any names you wish and add your ROMs.

These steps will allow you to send a message to a user. Only that user will be able to decrypt it.
First acquire the users public key and create a text file with it.
vi userName.pub
gpg --import userName.pub
gpg --list-keys

Now create a text file with your message and encrypt it
vi lab_creds.txt
gpg -se -a -r name@domain.com lab_creds.txt
enter your private key password
Now a file will be created called lab_creds.txt.asc, paste that into an email.

#apt-get install iscsitarget
#vi /etc/default/iscsitarget
SCSITARGET_ENABLE=true
#vgcreate iscsi /dev/sda
#lvcreate -L1500G -n jarfis_colder iscsi
#lvcreate -L1260G -n jarfis_warmer iscsi
#vi /etc/ietd.conf
Target iqn.2010-10.com.qualys.qa.vuln:jarfis.lun000
Lun 0 Path=/dev/iscsi/jarfis_colder,Type=blockio,ScsiSN=JARFIS-LUN000
Alias LUN000
Target iqn.2010-10.com.qualys.qa.vuln:jarfis.lun001
Lun 1 Path=/dev/iscsi/jarfis_warmer,Type=blockio,ScsiSN=JARFIS-LUN001
Alias LUN001
#/etc/init.d/iscsitarget restart