When puppet leaves an un-tidy mess

A while back, I had written a quick and dirty shell script to take a simple tarball of the /etc directory of my Linux machines and copy it to an FTP server. Then, to make sure that the FTP directory didn’t get out of hand, I had written the following in my Puppet config for that server to clean everything up with the tidy resource type. The code looked like this:

  tidy { "/srv/ftp/mrbackup":
    path    => "/srv/ftp/mrbackup/",
    age     => "30d",
    recurse => true,
  }

Nothing really fancy there, and I put this in on day 1, so I figured everything would run and the tidy resource is pretty straightforward.

Unfortunately, when I checked the machine after it had been receiving the backup files for several months, I found something a bit disturbing… Thousands of files!!! WTF!

The documentation seemed pretty straightforward and I was using this resource in other parts of my manifests that worked as expected.

The fix!

The key was at the very end of the documentation, in the type section.

type

Set the mechanism for determining age. Default: atime.

Valid values are atime, mtime, ctime.

As you will note, the default is atime. Because the files are being FTP’d in, they are never being read by the system, simply written. So if you ran a command like `find . -type f -atime +30`, you would get zero results. My fix is pretty simple: change this to mtime, and suddenly I have a lot fewer files on the system. The new code now looks like this:

  tidy { "/srv/ftp/mrbackup":
    path    => "/srv/ftp/mrbackup/",
    age     => "30d",
    backup  => false,
    recurse => true,
    type    => "mtime",
  }
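To check which timestamp a cleanup rule is really keying on before changing it, this added example (not part of the original post) builds a scratch directory and counts what each age type selects with a 30-day cutoff. The file names and the helpers `count_expired` and `make_demo_dir` are made up for the demo, and it assumes GNU touch.

```shell
#!/bin/sh
# Added example (not from the original post). All file names are constructed.
# Assumes GNU touch (for -d 'N days ago') and a find with -atime/-mtime/-ctime.

# count_expired DIR KIND DAYS
# Print how many regular files under DIR are older than DAYS by timestamp
# KIND, i.e. the selection `find DIR -type f -KIND +DAYS` makes.
count_expired() {
    ce_dir=$1; ce_kind=$2; ce_days=$3
    case "$ce_kind" in
        atime|mtime|ctime) ;;
        *) echo "count_expired: invalid kind '$ce_kind'" >&2; return 2 ;;
    esac
    find "$ce_dir" -type f "-$ce_kind" "+$ce_days" | wc -l | tr -d ' '
}

# make_demo_dir: build a scratch directory and print its path.
make_demo_dir() {
    md_dir=$(mktemp -d) || return 1
    # Backup written 40 days ago whose access time was refreshed yesterday.
    touch -m -d '40 days ago' "$md_dir/etc-old.tar.gz"
    touch -a -d '1 day ago'   "$md_dir/etc-old.tar.gz"
    # Backup written yesterday.
    touch -d '1 day ago' "$md_dir/etc-new.tar.gz"
    # ctime cannot be backdated with touch, so both files have a fresh ctime.
    echo "$md_dir"
}

# Stand-alone run: show what each age type would select.
demo=$(make_demo_dir)
for kind in atime mtime ctime; do
    echo "$kind: $(count_expired "$demo" "$kind" 30) file(s) older than 30 days"
done
rm -rf "$demo"
```

Only the mtime count picks up the 40-day-old tarball; running `stat` on a few real files in the backup directory gives the same comparison on live data.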

Encryption

Looks like the government is at it again now that Apple has come out stating that they are not going to roll over and provide a master key to their iPhone software. Really NSA? How about the part where the terrorist didn’t use encryption in these attacks?

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying “we’re off; we’re starting.” Police were also able to trace the phone’s movements.

Why this matters

I know that there are a lot of people out there that think our government can do no wrong and national security is the most important thing that they can do. But there is a lawful way in which to handle this. The 4th Amendment to the Constitution should protect us from the massive surveillance systems that the government has put in place since 9/11. Yes, it was horrible what happened on that day and I’m still as pissed about it now as I was then. But I’m more upset at the eroding of our rights as politicians and government officials put in more programs to watch our electronic communications en masse.

Several companies have either released statements or made comments on the current state of encryption and working with the government in these matters. My company has stated this:

We condemn terrorism and have total solidarity with victims of terror. Those who seek to praise, promote, or plan terrorist acts have no place on our services. We also appreciate the difficult and essential work of law enforcement to keep people safe. When we receive lawful requests from these authorities we comply. However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would create a chilling precedent and obstruct companies’ efforts to secure their products

Tim Cook and Apple have their letter which ends with:

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

So encrypt your backups and use HTTPS whenever possible. Set really difficult passwords and use a password manager like LastPass so you don’t forget them. Remember folks, just because you have nothing to hide doesn’t mean you shouldn’t care about this subject. One person in particular that has brought more to light on the intrusions into our lives put it best:

If you think privacy is unimportant for you because you have nothing to hide, you might as well say free speech is unimportant for you because you have nothing useful to say.

–Edward Snowden

Gotta Jump

Steve Harvey nails it. Eventually, you’re going to have to jump! I jumped in a direction I wasn’t expecting and it’s been more beneficial to my family and career than I would have ever imagined.

You Gotta Jump To Be Successful

After I tape an episode at Family Feud I spend a few more minutes with the audience. I talk about jumping.

Posted by Steve Harvey on Wednesday, January 13, 2016

Who took a chance on you?

As my team locally and at other locations continues to grow, I have found myself thinking back to an article by Bijan Sabet talking about who took a chance on you. Each person I interview has different strengths and skills. Sometimes you go in looking for someone that may be really strong in one of those particular skills. But oftentimes, you only get a glimpse of what they can really do in the 45-60 minutes that you have with them. Sometimes you know right away that there is something special about this person, sometimes you only have a hunch, but aren’t sure.

It makes me think back to someone that saw something in me when I certainly didn’t see it. That person was Jenny Simmons, Bartlett Hall Coordinator at the University of Northern Iowa. Jenny was in charge of running the residence hall, making sure the monkeys didn’t go completely nuts and finding and hiring resident assistants (RA) to help in all areas of a resident’s time at UNI.

I’ll be perfectly honest, going into college and even after my first year there, I had zero ambitions of being an RA. My freshman year RA was ok, not the greatest, but ok. I didn’t see much fun in the job. It wasn’t until my second year when I started to see some friends become RAs and I had an RA that was both having fun while keeping the train from coming off the rails. Because let’s face it, there is a lot to college that happens outside of the classroom.

About the time of the hiring orientation and interviewing process I would say one of the more significant events happened in my young life. My long-term girlfriend at the time broke it off with me. We had been together 4+ years but she attended a different school and the distance got in the way. Yes, young love comes and goes but when you’re young, things like this do amazingly stupid things to your mind and ego. Needless to say, I was a bit of a mess over the whole thing. So I then did what any sane and rational person would do in a situation like this: I would put myself through relentless and grueling self-reflective interviews, of course.

What was I thinking?!?

The process basically works like this. You submit an application, you have a bunch of pre-interviews with various RAs and Hall coordinators and then you go into the halls to have MUCH more in-depth interviews. As in, expect to spend 2-3 hours getting interviewed by the current RA staff of that hall. And not just one residence hall, sometimes multiple. I interviewed at 4 different halls. After all that, the hall coordinators have a 1 on 1 interview with you before they make their selections in what is roughly equivalent to an NFL draft day. I’m serious, trades are made, deals are done.

It was during this time that I probably was the most honest and most raw with my answers. If I blew an interview, who cares, move on. It was honestly pretty refreshing to remove the filter.

I’m not sure what Jenny saw in me during those interviews. Maybe it was a sense of humor. Maybe it was my complete lack of bullshit answers. I really don’t know for sure. But what I can tell you is this, it was one of the best jobs I ever had. I met some amazing people along the way, both residents and fellow RAs, some of whom are my closest friends today. This is where I met my wife as she was on staff with me. And she will tell you, she was pretty sure we weren’t going to get along.

I have other people that took a chance on me, who took that chance on you?

What I recommend for a wireless setup

Normally talking about wireless networks isn’t the most exciting thing that one can talk about. But over the years I have been asked what my thoughts are for a setup or if I would set up a wireless network for someone. With that in mind, this is what I would recommend for a wireless setup if you were doing one from scratch. My in-laws built a new house a little while back and we did some planning ahead of time to account for a future access point that would be mounted once the drywall, texture and paint were all up. The plan is essentially still the same as what I would put in today, though I might go with a few more access points based on the size of the house. I recently added another to my setup, of the same model I have down below.

Their needs are pretty simple and based on the ranch style of the house, we could get away with 1 access point on the main floor as it’s a very open concept home. Planning ahead of time essentially meant having the electricians run a cat6 cable from the utility room, where we had other cat6 cables run for each coax cable that was installed, to a certain location in the ceiling. From there I would do the rest as long as the cable was in an access box of some sort.

Most people will recommend Netgear or Linksys for a decent access point and router solution. While those are just fine, I like to go with something a little higher grade. For an access point, I really like the equipment from Ubiquiti. They come with a new controller software that you can either run on your machine when you need it or if you have a home server, you can install it there and simply hit the web page when you need to make a change. The Access Point (AP) that I recommend for folks is the Ubiquiti UniFi AP Enterprise WiFi System Long Range. Why the long range version? This was going as a single AP in the home. If you are doing multiple APs that you are going to place in several floors, I would go with the 3 pack option of the standard range which is more than you will need in a home. These are not your cheap access points that you get with a $60 Linksys, these are commercial grade that are used in businesses, hospitals, you name it. The controller software makes setting up a mesh of these pretty seamless. And to top it all off, when you install it against a ceiling, it looks like an oversized smoke detector and just blends into the background.

Now, the missing piece in this puzzle is you still need something to serve up DHCP and route your packets to the internet. I personally like the DD-WRT software so I will typically find one of the cheaper wifi / router models that specifically points out DD-WRT support. One of my favorite brands for this is either Buffalo or ASUS. You may not have heard of these but they are good enough for what we need and they save on the pocket book. For this particular install I went with the ASUS (RT-N12/B) Wireless-N 300 Advance wide coverage Home Router: Fast Ethernet, Build-in 5DBi antenna, 3 in 1 switch(Router/Repeater/Access Point) and support upto 4 Guest SSID(Open source DDWRT Support). The name just rolls off the tongue doesn’t it? The thing to remember is, once you get these units, you will need to follow the instructions on how to get DD-WRT on the device. This is not trivial by any means but it’s doable if you are comfortable on a computer. My setup from here is pretty simple. I turn off wireless on the DD-WRT router as I have the APs to do that work for me. I then set up a DHCP range of 192.168.1.X with a few reservations for things such as the access point and away I go. The DD-WRT interface is straightforward but there are a few tabs where you can quickly get into the deep end. I recommend finding someone that knows what they are doing to set this part up for you. Overall, I keep my settings pretty basic. I customize the NTP and DNS servers that I want my clients to use and that’s about it. The DD-WRT software is free and it’s pretty powerful, so if you really wanted to have some fun, you can set up guest networks that are separate from your home wifi so people coming to your house can’t see all the machines on your normal network. You know, those unsavory people you invite over like friends and family!

There you have it, my recommendations for a wireless setup in your home. A cheap router running DD-WRT and then your choice of 1 or more Ubiquiti Access Points. If you are curious about the exact install configurations that I have, hit me up and I can provide them to you.