VMware ESXi 5.0 Update from CLI

the update command:
esxcli software vib install --maintenance-mode --depot \
  /vmfs/volumes/host-data/patch/update-from-esxi5.0-5.0_update01.zip


dealing with maintenance mode from the command line:

vim-cmd /hostsvc/maintenance_mode_enter
vim-cmd /hostsvc/maintenance_mode_exit
vim-cmd /hostsvc/hostsummary | grep inMaintenanceMode

OpenSSL & Smart Cards

Started playing with (PKI) smart cards with OpenSSL. Nothing is working so far, but thought I would at least keep my starting point, if I come back to it later. If you have any more suggestions, I would be happy to take a look or greatful for a solution.

Basically I want to decrypt email using my smart card & openssl.

openssl> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so

something like:
openssl> smime -decrypt -in ______ -noverify -keyform engine -engine pkcs11 -id ____

http://ubuntuforums.org/showthread.php?t=1557180

http://www.openssl.org/docs/apps/smime.html

http://www.opensc-project.org/engine_pkcs11/wiki/QuickStart

Cleaning a Disk with dd

Lets say that you have an old system sitting around that you want to give to a friend or to a charity. The system itself is fine, but you had been using it for keeping track of your personal finances. You had several personal bits of information on there (credit card numbers, account numbers, ssn, etc.). How do you make it safe to hand this off?

If you have a USB enclosure and a Mac around it is easy. Disk Utility included with the Mac will erase that drive, just select the 7 (or for the ultra paranoid 35) times overwrite option. But lets say that you don’t have a Mac and you don’t want to spend money on a application to do it. But you have a good old faithful linux system.

Personally, I am a little more paranoid than average and don’t want to trust a single wipe. But on the other hand, I have found few times that a real 7 pass or 35 pass wipe is needed. In order to satisfy a 3 pass wipe, there are a couple of variations that you can use:

Variation 1 (leaves bits in a random state)

  1. Zero the drive
  2. One the drive
  3. random the drive

Variation 2 (Leaves bits as zeros)

  1. random the drive
  2. One the drive
  3. Zero the drive

Both of these set all bits to both positions & a random. Personally I like the variation for security, but it depends on what the final application will be. If the final drive will be encrypted variation 1 is preferable, if not I like 2 because the starting state of the bits would be more difficult to ascertain.

Since this can take many hours, there are also some options to get the status.

Anyway here are the commands:

First figure out what your drive is, note you cannot use the system drive that you are
 running on. For this example we will say that it is /dev/sdd. You can do just a 
 partition, but this may not be as secure.

Random:
dd if=/dev/urandom of=/dev/sdd bs=4096

Zero:
dd if=/dev/zero of=/dev/sdd bs=4096

Ones:
perl -e 'print chr(0xFF) while(1);' | dd of=/dev/sdd bs=4096


Status (on linux):
- to make dd pause and print it status, get the pid (ps aux | grep dd), then
# kill -s USR1 <PID>

To Test the drive:
# dd if=/dev/sdd bs=1 count=10 skip=600000000000 | hexdump -C
(this will skip a head to the 600GB & show 10 hex characters)

If something fails and you need to resume, use the test above to figure out where to 
 start. Then add a seek criteria to the dd command (make sure to divide by 4096 to 
 get the location)
# perl -e 'print chr(0xFF) while(1);' | dd of=/dev/sde bs=4096 seek=146484375
(will restart writing ones at the 600GB)

Note: there is nothing particularly special about 4096, I have just seen this used as 
a good size (bs) for writing to modern hard drives and is faster than the 512 default.

Of course you could always just use a tool like Darik’s Boot & Nuke @ Source Forge, but what fun is there in that?
(http://www.cmu.edu/iso/tools/data-sanitization-tools.html)
http://www.linux.com/archive/feature/48092

Using Screen

Until recently, I had never used screen. Now I love it! Screen is awesome.

In short, screen is a virtual terminal session that allows multiple windows within a single ssh session. It also maintains your session if you lose a connection.

start screen:
$ screen

to create a new window:
cntrl-a c

to exit a window:
$ exit

to switch windows:
cntrl-a n   (next)
cntrl-a p   (previous)

help
cntrl-a ?

to detach your session from screen:
cntrl-a d

to find a screen session:
$ screen -ls
There is a screen on:
	6173.pts-1.localhost	(Detached)
1 Socket in /var/run/screen/S-root.

to reattach to a screen session:
$ screen -r
OR
$ screen -r 6173.pts-1.localhost

http://www.rackaid.com/resources/linux-screen-tutorial-and-how-to/
http://www.howtoforge.com/linux_screen
http://linux.die.net/man/1/screen

SVN Diff GUI for MAC

Using FileMerge with SVN

I have been just using console diff with svn until now. But I needed to
see some changes -> comparing example config files with real ones.

Here is a really good article with some good scripts.

http://www.defraine.net/~brunod/fmdiff/

local copy of scripts — put in /usr/local/bin

either run svn like:

$ svn diff --diff-cmd fmdiff <other diff options, files or URLs>

$ svn update --diff3-cmd fmdiff3

$ fmresolve <conflictfile>
$ svn resolved <conflictfile>

or make changes to ~/.subversion/config

editor = vi
diff-cmd = fmdiff
diff3-cmd = fmdiff3
merge-tool-cmd = fmmerge

PHP Build Test Errors with PHP 5.3.6 on RHEL 6

I have built PHP many times, and most of the time I just ignore the failing tests. This time I needed it for a production server, so I went thru each test and figured out why it was failing. As I did this, I put together a patch that would address the issues. There are a few things that are broken – all of these don’t apply to me and in general are minor, so I added SKIPIF statements to the tests, but most were just poorly written or the underlying library changed they way it handled incorrect input.
Continue reading

Handler Issus with MySQL

Working with MySQL 5.5.9, I ran into an issue where a cursor loop in 1 procedure was getting stopped by the INSERT … SELECT in a called procedure. The fix was not pretty but was effective: put a SET in the code to force the HANDLER back to FALSE(0) after the CALL that was setting it to TRUE(1).

CREATE PROCEDURE p_each_value( in_value INT )
BEGIN
  INSERT IGNORE INTO table1 (v1, v2)
  SELECT v1, v2 FROM table2 WHERE v3=in_value
END

CREATE PROCEDURE p_all ()
BEGIN
    DECLARE my_id INT;
    DECLARE finished INT(1) DEFAULT 0;

    DECLARE my_cursor CURSOR FOR
      SELECT v3 FROM table2;

    DECLARE CONTINUE HANDLER FOR NOT FOUND SET finished = 1;

    OPEN my_cursor;
    my_loop: LOOP
       FETCH my_cursor INTO my_id;
       IF finished THEN
         LEAVE my_loop;
       END IF;
       CALL p_each_value( my_id );
       SET finished = 0;
    END LOOP my_loop;
    CLOSE my_cursor;
END