Saturday, November 25, 2017
Sharing Kindle content between Amazon household members
Amazon lets you create a "household" to share content, but it's really not obvious how you make kindle content from the other adult turn up on your kindle. Once you have created a household you need to go into each device under your devices section in the web app. There you can click a box to "show content from [insert other adult's name]". Then when you sync your phone kindle app or your physical kindle the books shared will show up. So you'll need to do that every time you want to read on a device.
Sunday, November 19, 2017
Adding a yubikey GPG key onto a new machine
If you are using a Yubikey encryption scheme and want to add the key onto a new system there's a few hoops to jump through. These instructions are for Ubuntu trusty.
First, get set up for using the yubikey:
One more note: If you have multiple yubikeys for the same secret key and need to switch to using one of the other yubikeys I've had some problems with gpg wanting to see the card with the previous serial number, even if you delete the secret key. On the mac I found the easiest way to clean this up was to quit GPG Keychain and just remove the whole gnupg directory:
First, get set up for using the yubikey:
sudo apt-get install gnupg-agent scdaemon pcscd pcsc-tools
you probably need to logout and back in. This post has extra setup, but I didn't have to do any of that, perhaps the gnome keyring badness has been fixed now.
Now check your yubikey is recognized:
pcsc_scan gpg --card-status
Import the public key into the keyring and trust it:
gpg --import mykey_public_only.ascYou should now be good to go!
gpg --expert --edit-key 123456
trust (set to ultimate)
save
One more note: If you have multiple yubikeys for the same secret key and need to switch to using one of the other yubikeys I've had some problems with gpg wanting to see the card with the previous serial number, even if you delete the secret key. On the mac I found the easiest way to clean this up was to quit GPG Keychain and just remove the whole gnupg directory:
rm -rf ~/.gnupgYou should then be able to import the public key again and get it set up with the new yubikey by running:
gpg --card-status
Monday, October 23, 2017
Upgrading dd-wrt to protect against CVE-2017-14493
Google found, and worked with the dnsmasq author to fix, a bunch of vulnerabilities in dnsmasq. Now everyone needs to update tons of devices, including your router.
It's been a while since I updated this firmware so I had to figure it out from scratch again. AFAICT the procedure is to go find your router in the dd-wrt database. Hopefully it's supported. If it is you can go download the latest firmware from the ftp server and upload via the web interface. Anything later than 33430 should contain the fix.
It's been a while since I updated this firmware so I had to figure it out from scratch again. AFAICT the procedure is to go find your router in the dd-wrt database. Hopefully it's supported. If it is you can go download the latest firmware from the ftp server and upload via the web interface. Anything later than 33430 should contain the fix.
Friday, May 26, 2017
Switching yubikeys
In this post I described how I set up gpg keys on a yubikey. Since I have multiple yubikeys for some redundancy I occasionally have to use a different one. This basically involves deleting the secret key and re-importing it from the yubikey.
Open up GPG keychain and click through the scary warning to delete the secret keys. If you set it up right these are only stubs, the actual key is on the yubikey. Once you've done that, insert the key you want to use and get the stubs recreated with:
On OSX
Open up GPG keychain and click through the scary warning to delete the secret keys. If you set it up right these are only stubs, the actual key is on the yubikey. Once you've done that, insert the key you want to use and get the stubs recreated with:
$ gpg --card-status
Tuesday, March 28, 2017
Managing go versions with gvm
gvm is a way to manage multiple go versions. It has some strange behaviour with go paths that I don't really understand. It essentially sets your GOPATH to a different directory for every version. You could just append your real go path, but it seems like there might be tooling that doesn't expect gopath to be a list.
My solution was to:
gvm install go1.8 gvm use go1.8 gvm pkgenvThis pops $EDITOR which you can use to set your go path to $HOME/go. Check it with:
go env
Tuesday, January 10, 2017
kubectl Kubernetes Cheat Sheet
A complement to the official kubectl cheat sheet.
Getting kubectl
There's better ways to install it for permanent use, but here's a quick way for temporary use:
Namespaces
What permissions do I have?
DaemonSet
Creating a daemonset:
Get a shell in a container
Getting kubectl
There's better ways to install it for permanent use, but here's a quick way for temporary use:
export PATH=/tmp:$PATH cd /tmp; curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl; chmod 555 kubectlNodes
$ kubectl get nodes $ kubectl get nodes/gke-hello-world-default-pool-9dbb0d2c-5qkl --show-labels $ kubectl label nodes --all mylabel=myvalue $ kubectl label nodes --all mylabel-
Namespaces
$ kubectl get all -n mynamespaceRBAC
What permissions do I have?
kubectl auth can-i --listAll clusterrolebindings:
kubectl get clusterrolebinding -o yamlRole bindings for all namespaces:
kubectl get rolebinding --all-namespaces -o yamlPrivileges of current user:
kubectl create -f - -o yaml << EOF apiVersion: authorization.k8s.io/v1 kind: SelfSubjectRulesReview spec: namespace: system EOF
DaemonSet
Creating a daemonset:
$ echo 'apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: daemonset-example spec: template: metadata: labels: app: daemonset-example spec: containers: - name: daemonset-example image: ubuntu:trusty command: - /bin/sh args: - -c - >- while [ true ]; do echo "DaemonSet running on $(hostname)" ; sleep 10 ; done ' | kubectl create -f -
$ kubectl delete daemonset daemonset-example
Get a shell in a container
$ kubectl run --rm=true -i --tty ubuntu --image=ubuntu -- /bin/bash # Or with an existing container $ kubectl exec -it shell-demo -- /bin/bash
Subscribe to:
Posts (Atom)