hugo_0.80.jasper.la.rss.xml - sfeed_tests - sfeed tests and RSS and Atom files
(HTM) git clone git://git.codemadness.org/sfeed_tests
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
hugo_0.80.jasper.la.rss.xml (44024B)
---
1 <?xml version="1.0" encoding="utf-8" standalone="yes"?>
2 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
3 <channel>
4 <title>jasper.la</title>
5 <link>https://jasper.la/</link>
6 <description>Recent content on jasper.la</description>
7 <generator>Hugo -- gohugo.io</generator>
8 <language>en-us</language>
9 <copyright>&copy; 2014 - 2020 Jasper Lievisse Adriaanse</copyright>
10 <lastBuildDate>Tue, 12 Jan 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://jasper.la/index.xml" rel="self" type="application/rss+xml" />
11 <item>
12 <title>Holiday Hack Challenge 2020 -- KringleCon 3</title>
13 <link>https://jasper.la/posts/kringlecon-2020-write-up/</link>
14 <pubDate>Tue, 12 Jan 2021 00:00:00 +0000</pubDate>
15
16 <guid>https://jasper.la/posts/kringlecon-2020-write-up/</guid>
17 <description>Right before the end of 2020 I completed the Holiday Hack Challenge 2020. Though it&rsquo;s obviously not the first type this conference took place, it was the first time I participated. Below is my write-up of the primary objectives along with a selection of side-challenges.
18 Objectives:
19 Uncover Santa&rsquo;s Gift List Investigate S3 Bucket Point-of-Sale Password Recovery Operate the Santavator Open HID Lock Splunk Challenge Solve the Sleigh&rsquo;s CAN-D-BUS Broken Tag Generator ARP Shenanigans Defeat Fingerprint Sensor Naughty/Nice List with Blockchain Investigation (part 1, part 2) Challenges:</description>
20 </item>
21
22 <item>
23 <title>Angr 9 SimFile without SimSymbolicMemory</title>
24 <link>https://jasper.la/posts/angr-9-simfile-without-simsymbolicmemory/</link>
25 <pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
26
27 <guid>https://jasper.la/posts/angr-9-simfile-without-simsymbolicmemory/</guid>
28 <description>Whilst working on angr_ctf in order to properly dive into Angr, there was one exercise which required the use of a symbolic filesystem with SimFile backed by symbolic memory. This particular challenge requires a particular input to be present in the input file and as such act as the password. The filename can be quickly looked up in the binary; the contents however will be made symbolic so we can solve for that.</description>
29 </item>
30
31 <item>
32 <title>Brixel CTF 2020 write up</title>
33 <link>https://jasper.la/posts/brixel-ctf-2020-write-up/</link>
34 <pubDate>Mon, 04 Jan 2021 00:00:00 +0000</pubDate>
35
36 <guid>https://jasper.la/posts/brixel-ctf-2020-write-up/</guid>
37 <description>This year I participated in the Brixel CTF winter edition along with another player from the Darknet Diaries Discord community. Despite some stability issues on the server side this CTF had some fun puzzles although some more challenging puzzles would be appreciated for a future installment. Below is my write up of a few of them &ndash; I ended up solving a few more but I didn&rsquo;t keep any notes on them.</description>
38 </item>
39
40 <item>
41 <title>Creating a minimal RISC-V learning environment</title>
42 <link>https://jasper.la/posts/creating-a-minimal-risc-v-learning-environment/</link>
43 <pubDate>Sat, 24 Oct 2020 00:00:00 +0000</pubDate>
44
45 <guid>https://jasper.la/posts/creating-a-minimal-risc-v-learning-environment/</guid>
46 <description>It was while watching Bryan Cantrill&rsquo;s presentation &ldquo;The Soul of a New Machine&rdquo;1 that my interest for RISC-V was piqued. I vaguely remember looking at RISC-V a while ago but at the time hardware wasn&rsquo;t readily available unless you had an FPGA to run it on. Nowadays there&rsquo;s ample choice of both 32-bit and 64-bit hardware to buy.
47 No RISC, no fun First off, a very brief introduction to RISC-V and the different extensions which are available.</description>
48 </item>
49
50 <item>
51 <title>NetSetMan 4.7.1 Unicode exploit</title>
52 <link>https://jasper.la/posts/netsetman-unicode-exploit/</link>
53 <pubDate>Sat, 06 Jun 2020 00:00:00 +0000</pubDate>
54
55 <guid>https://jasper.la/posts/netsetman-unicode-exploit/</guid>
56 <description>As part of the this course the first assignment is to create a working exploit against NetSetMan 4.7.1 using a buffer overflow vulnerability. If you wish to follow along, the installer can be found on Exploit-DB. Additionally I&rsquo;m using a Windows XP SP3 (EN) VM making this a no-ASLR, 32-bit setup.
57 Fuzzing Since the assignment doesn&rsquo;t state where or how to trigger the overflow we have to fuzz it first, and as it doesn&rsquo;t expose any network ports this reduces the attack surface to either importing profiles or freeform text input.</description>
58 </item>
59
60 <item>
61 <title>Compiling win32 assembly on OpenBSD</title>
62 <link>https://jasper.la/posts/win32-asm-on-openbsd/</link>
63 <pubDate>Thu, 21 May 2020 00:00:00 +0000</pubDate>
64
65 <guid>https://jasper.la/posts/win32-asm-on-openbsd/</guid>
66 <description>Recently I&rsquo;ve finished the Practical Malware Analysis book and I&rsquo;ve wanted to familiarise myself a bit more with the Win32 API. After spending a good amount of time on setting up Visual Studio C++ for MASM (Microsoft Macro Assembler) I wanted to stab myself in the eye with a rusty fork due to the overload of visual clutter. Alas, running plain MASM on Windows 10 seems to be a no-go these days.</description>
67 </item>
68
69 <item>
70 <title>Poking old format string bugs</title>
71 <link>https://jasper.la/posts/poking-old-format-string-bugs/</link>
72 <pubDate>Thu, 23 Apr 2020 00:00:00 +0000</pubDate>
73
74 <guid>https://jasper.la/posts/poking-old-format-string-bugs/</guid>
75 <description>Earlier this week I ran into a fairly old format string bug in the Exuberant Ctags implementation, and it turns out this particular issue was fixed back in November 2009. However it wasn&rsquo;t picked up by vendors at the time. This isn&rsquo;t a critical issue, but seeing this fixed in SVN without a proper release being made afterwards resulted in only those who decided to ship a package based on a Subversion checkout to have the fix.</description>
76 </item>
77
78 <item>
79 <title>Exploring Zyxel GS1900 firmware with Ghidra</title>
80 <link>https://jasper.la/posts/exploring-zyxel-gs1900-firmware-with-ghidra/</link>
81 <pubDate>Thu, 14 Nov 2019 00:00:00 +0000</pubDate>
82
83 <guid>https://jasper.la/posts/exploring-zyxel-gs1900-firmware-with-ghidra/</guid>
84 <description>or, how I found multiple vulnerabilities on a lazy Sunday afternoon Earlier this year the NSA released Ghidra, a reverse engineering suite with support for a large number of CPU/MCU instruction sets. While I have some experience with Hopper and radare2 I wanted to play with Ghidra to poke around the firmware for my Zyxel GS1900-8 switch which runs on a 32-bit MIPS CPU. All in all this has turned out to be an interesting exploration of both Ghidra and the GS1900-8-2.</description>
85 </item>
86
87 <item>
88 <title>ROP Emporium - ret2csu</title>
89 <link>https://jasper.la/posts/ropemporium-8-ret2csu/</link>
90 <pubDate>Thu, 05 Sep 2019 00:00:00 +0000</pubDate>
91
92 <guid>https://jasper.la/posts/ropemporium-8-ret2csu/</guid>
93 <description>ret2csu, the final ROP Emporium challenge. This one is GLIBC-specific but nonetheless it is a fun exercise which forces you to look beyond the standard functions which the application author wrote and instead explore other parts of the binary which are essentially provided by the ecosystem.
94 Exploring the binary Not much going on with this binary:
95 jasper@ropper:~/ropemporium/ret2csu$ checksec ret2csu [*] &#39;/home/jasper/ropemporium/ret2csu/ret2csu&#39; Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) And as expected there is no usefulFunction or usefulGadgets:</description>
96 </item>
97
98 <item>
99 <title>ROP Emporium - pivot</title>
100 <link>https://jasper.la/posts/ropemporium-7-pivot/</link>
101 <pubDate>Wed, 04 Sep 2019 00:00:00 +0000</pubDate>
102
103 <guid>https://jasper.la/posts/ropemporium-7-pivot/</guid>
104 <description>The pivot challenge creates a situation where stack space is limited. This means that our full payload cannot be stored on the stack and instead must be located elsewhere in memory. However in order to start executing the code pointed to from the new stack we have to swap stacks! This is called pivoting and let&rsquo;s get started.
105 Exploring the binary The pivot binary is linked with libpivot.so:
106 jasper@ropper:~/ropemporium/pivot$ checksec pivot [*] &#39;/home/jasper/ropemporium/pivot/pivot&#39; Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) RPATH: &#39;.</description>
107 </item>
108
109 <item>
110 <title>ROP Emporium - fluff</title>
111 <link>https://jasper.la/posts/ropemporium-6-fluff/</link>
112 <pubDate>Mon, 02 Sep 2019 00:00:00 +0000</pubDate>
113
114 <guid>https://jasper.la/posts/ropemporium-6-fluff/</guid>
115 <description>Fluff was a challenge that is actually challenging, up to the point where you have a realisation and from there on it&rsquo;s fairly straightforward.
116 Exploring the binary Nothing special going on still with this binary in terms of canaries or the likes:
117 [*] &#39;/home/jasper/ropemporium/fluff/fluff&#39; Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) And again usefulFunction() contains a reference to system():
118 [0x00400650]&gt; afl 0x004005a0 3 26 sym.</description>
119 </item>
120
121 <item>
122 <title>ROP Emporium - badchars</title>
123 <link>https://jasper.la/posts/ropemporium-5-badchars/</link>
124 <pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
125
126 <guid>https://jasper.la/posts/ropemporium-5-badchars/</guid>
127 <description>The previous challenge taught a very important pattern of &ldquo;the mover&rdquo; by performing chunked writes of arbitrary data into memory. This next challenge deals with a illegal or bad characters. Most everyone who has written exploits before has run into them at some point. Manually searching for which bytes are considered bad can be rather time consuming so plenty of tools have incorporated automatic detection. In our case the input characters which will result in badbytes have also been provided to us to make it easier to focus on the actual exploit.</description>
128 </item>
129
130 <item>
131 <title>ROP Emporium - write4</title>
132 <link>https://jasper.la/posts/ropemporium-4-write4/</link>
133 <pubDate>Wed, 28 Aug 2019 00:00:00 +0000</pubDate>
134
135 <guid>https://jasper.la/posts/ropemporium-4-write4/</guid>
136 <description>With basic knowledge of how the GOT and PLT work and how function calls go through them along with a basic understanding of the amd64 ABI calling convention we can start looking for real gadgets now. In fact in this assignment we&rsquo;ll look at a really helpful way of loading arbitrary data into memory.
137 Exploring the binary Just like before, let&rsquo;s start off by exploring the binary bit to get a feel for what we&rsquo;re dealing with here:</description>
138 </item>
139
140 <item>
141 <title>ROP Emporium - callme</title>
142 <link>https://jasper.la/posts/ropemporium-3-callme/</link>
143 <pubDate>Sat, 24 Aug 2019 00:00:00 +0000</pubDate>
144
145 <guid>https://jasper.la/posts/ropemporium-3-callme/</guid>
146 <description>After familiarising ourselves with a simple buffer overflow in ret2win to overwrite the return address first, and then searching and using our first real gadget in split we will now focus on the Procedure Linkage Table (PLT). While here the functions that need to be called will all be using three arguments, thus exposing a little bit more of the amd64 calling convention.
147 Exploring the binary It should be a familiar routine by now to check the binary for any compiled-in security measures, followed by looking for strings and functions.</description>
148 </item>
149
150 <item>
151 <title>ROP Emporium - split</title>
152 <link>https://jasper.la/posts/ropemporium-2-split/</link>
153 <pubDate>Thu, 22 Aug 2019 00:00:00 +0000</pubDate>
154
155 <guid>https://jasper.la/posts/ropemporium-2-split/</guid>
156 <description>In the previous post I tried to explain what ROP is and how I solved the ROP Emporium ret2win. This write-up will be about the second challenge: split. We&rsquo;ll look at finding our first gadget and how to go about using it in a chain.
157 Exploring the binary First explore the binary to see what we&rsquo;re up against:
158 $ rabin2 -I split | grep nx nx true $ rabin2 -z split [Strings] Num Paddr Vaddr Len Size Section Type String 000 0x000008a8 0x004008a8 21 22 (.</description>
159 </item>
160
161 <item>
162 <title>ROP Emporium - ret2win</title>
163 <link>https://jasper.la/posts/ropemporium-1-ret2win/</link>
164 <pubDate>Wed, 21 Aug 2019 00:00:00 +0000</pubDate>
165
166 <guid>https://jasper.la/posts/ropemporium-1-ret2win/</guid>
167 <description>Over the past couple of week I&rsquo;ve set myself the goal of learning how Return Oriented Programming (ROP) really works. Coincidentally, over at Hack the Box there have recently been multiple instances where one needed to exploit a binary using ROP. Whilst doing some research on the topic I ran into ROP Emporium and this has proven to be very valuable resource. This site hosts eight challenges with an increasing level of difficulty and along the way it touches upon various concepts related to ROP and binary exploitation.</description>
168 </item>
169
170 <item>
171 <title>WireGuard on OpenBSD</title>
172 <link>https://jasper.la/posts/wireguard-on-openbsd/</link>
173 <pubDate>Thu, 16 May 2019 00:00:00 +0000</pubDate>
174
175 <guid>https://jasper.la/posts/wireguard-on-openbsd/</guid>
176 <description>Earlier this week I imported a port for WireGuard into the OpenBSD ports tree. At the moment we have the userland daemon and the tools available. The in-kernel implementation is only available for Linux. At the time of writing there are packages available for -current.As of June 2020 support for WireGuard has been committed to the kernel as wg(4) along with support in ifconfig(8). Please see these two posts on the WireGuard mailinglist on how to set it up or how migrate from a setup as described below: setup and migrate from Linux.</description>
177 </item>
178
179 <item>
180 <title>SLAE64 - Crypter</title>
181 <link>https://jasper.la/posts/slae64-assignment-7/</link>
182 <pubDate>Fri, 25 Jan 2019 00:00:00 +0000</pubDate>
183
184 <guid>https://jasper.la/posts/slae64-assignment-7/</guid>
185 <description>The seventh and final assignment of the SLAE64 exam states:
186 Create a custom crypto like the one shown in the &ldquo;crypters&rdquo; video Free to use any existing encryption schema Can use any programming language Initially I wanted to use the Tiny Encryption Algorithm but decided against it and instead chose the ChaCha20 stream cipher. The reason is that while TEA is an interesting exercise is simplicity, ChaCha20 is much more relevant today.</description>
187 </item>
188
189 <item>
190 <title>SLAE64 - Polymorphic shellcode</title>
191 <link>https://jasper.la/posts/slae64-assignment-6/</link>
192 <pubDate>Thu, 24 Jan 2019 00:00:00 +0000</pubDate>
193
194 <guid>https://jasper.la/posts/slae64-assignment-6/</guid>
195 <description>The sixth assignment of the SLAE64 exam states:
196 Take up to 3 shellcodes from Shell-Storm and create polymorphic version of them to beat pattern matching The polymorphic versions cannot be larger than 150% of the original shellcode Bonus points for making it shorter in length than original When researching polymorphism one is certain to encounter the Polymorphic Shellcode Engine Using Spectrum Analysis article from Phrack Magazine.
197 Our polymorphic versions are a lot simpler than what is described in this seminal article.</description>
198 </item>
199
200 <item>
201 <title>SLAE64 - Metasploit analysis</title>
202 <link>https://jasper.la/posts/slae64-assignment-5/</link>
203 <pubDate>Wed, 23 Jan 2019 00:00:00 +0000</pubDate>
204
205 <guid>https://jasper.la/posts/slae64-assignment-5/</guid>
206 <description>The fifth assignment of the SLAE64 exam states:
207 Take up at least 3 shellcode samples created using Msfvenom (née Msfpayload) for linux/x86_64 Use GDB to dissect the functionality of the shellcode Document your analysis One thing that immediately stands out is the relative lack in diversity when it comes to linux/x64 payloads. In the end I chose the following payloads for my analysis:
208 linux/x64/shell_bind_tcp_random_port linux/x64/shell_bind_tcp linux/x64/shell_reverse_tcp shell_bind_tcp_random_port The latter two payloads I chose because of how often their used and I wanted to determine what exactly they do precisely because of their popularity.</description>
209 </item>
210
211 <item>
212 <title>SLAE64 - Custom Encoder</title>
213 <link>https://jasper.la/posts/slae64-assignment-4/</link>
214 <pubDate>Tue, 22 Jan 2019 00:00:00 +0000</pubDate>
215
216 <guid>https://jasper.la/posts/slae64-assignment-4/</guid>
217 <description>The fourth assignment of the SLAE64 exam states:
218 Create a custom encoding scheme like the &ldquo;insertion encoder&rdquo; we showed you PoC with using execve-stack as the shellcode to encode with your schema and execute For this assignment I wrote a script which supports two encoders and it can also help to decode shellcode.
219 I wrote a simple &ldquo;off-by-one&rdquo; encoder which increments each byte by 0x1. It&rsquo;s obviously a pun.</description>
220 </item>
221
222 <item>
223 <title>SLAE64 - Egg Hunter</title>
224 <link>https://jasper.la/posts/slae64-assignment-3/</link>
225 <pubDate>Mon, 21 Jan 2019 00:00:00 +0000</pubDate>
226
227 <guid>https://jasper.la/posts/slae64-assignment-3/</guid>
228 <description>The third assignment of the SLAE64 exam states:
229 Study about the Egg Hunter shellcode Create a working demo of the Egg Hunter It should be configurable for different payloads I for one had not heard before of the concept of an egg hunter so a little searching around led me to a (the?) paper by skape called Safely Searching Process Virtual Address Space published in 2004.
230 In a nutshell an egg hunter is a piece of code that searches the virtual address space (VAS) of a process looking for a predefined marker, called an egg.</description>
231 </item>
232
233 <item>
234 <title>SLAE64 - Reverse TCP shellcode</title>
235 <link>https://jasper.la/posts/slae64-assignment-2/</link>
236 <pubDate>Sun, 20 Jan 2019 00:00:00 +0000</pubDate>
237
238 <guid>https://jasper.la/posts/slae64-assignment-2/</guid>
239 <description>The second assignment of the SLAE64 exam states:
240 Create a Shell_Reverse_TCP shellcode: Reverse connects to configure IP and port Needs a &ldquo;passcode&rdquo; If passcode is correct then execute a shell Remove 0x00 from the Reverse TCP shellcode discussed in the course Reverse TCP shellcode This is quite a lot simpler than the previous exercise in that we don&rsquo;t have to bind to the socket before listening to it and accepting incoming connections.</description>
241 </item>
242
243 <item>
244 <title>SLAE64 - Bind TCP shellcode</title>
245 <link>https://jasper.la/posts/slae64-assignment-1/</link>
246 <pubDate>Fri, 18 Jan 2019 00:00:00 +0000</pubDate>
247
248 <guid>https://jasper.la/posts/slae64-assignment-1/</guid>
249 <description>The first assignment of the SLAE64 exam states:
250 Create a Shell_Bind_TCP shellcode: Binds to a port Needs a &ldquo;passcode&rdquo; If passcode is correct then execute a shell Remove 0x00 from the Bind TCP shellcode discussed in the course Shell Bind TCP shellcode The first assignment is to create a shell bind TCP shellcode which requires a passcode to spawn a shell. What happens when a wrong password is entered isn&rsquo;t defined so I&rsquo;ll just exit with a non-zero return code.</description>
251 </item>
252
253 <item>
254 <title>nasm on OpenBSD</title>
255 <link>https://jasper.la/posts/nasm-on-openbsd/</link>
256 <pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
257
258 <guid>https://jasper.la/posts/nasm-on-openbsd/</guid>
259 <description>Recently I decided to study for the SLAE64 course from Pentester Academy to work on my assembly knowledge, specifically on x86_64. Through the course does focus on Linux I want to apply the knowledge to OpenBSD/amd64 too and thus I installed NASM and looked at what I needed to adjust on my Linux samples to get it working on OpenBSD. Turns out, not that much actually!
260 Both operating systems use same calling convention, namely the System V AMD64 ABI.</description>
261 </item>
262
263 <item>
264 <title>Setting up NetBox on OpenBSD</title>
265 <link>https://jasper.la/posts/setting-up-netbox-on-openbsd/</link>
266 <pubDate>Sat, 12 May 2018 00:00:00 +0000</pubDate>
267
268 <guid>https://jasper.la/posts/setting-up-netbox-on-openbsd/</guid>
269 <description>The following documents the steps needed to setup NetBox on OpenBSD. I am running NetBox on a PC Engines APU which holds up fairly well and I have since migrated my own setup from RackTables to NetBox, primarily because of the API functionality NetBox offers which allows for integration with SaltStack. But more on that some other time.
270 I have ported a few dependencies but gave up after realising all of the Django applications/modules needed to be ported including their dependencies.</description>
271 </item>
272
273 <item>
274 <title>Salt managed TLS files</title>
275 <link>https://jasper.la/posts/salt-managed-tls-files/</link>
276 <pubDate>Mon, 15 Jan 2018 00:00:00 +0000</pubDate>
277
278 <guid>https://jasper.la/posts/salt-managed-tls-files/</guid>
279 <description>When managing configuration for various services, you&rsquo;ll (hopefully) end up having to install TLS certificates at some point. Instead of having to come up with the same logic in various modules, roles or formulas I&rsquo;ve had an Ansible role for a while that bundled all the logic into a single role that used the vault to obtain all certificates, keys and bundles that needed to be managed on a given node.</description>
280 </item>
281
282 <item>
283 <title>Consul with SMF on Solaris</title>
284 <link>https://jasper.la/posts/consul-with-smf-on-solaris/</link>
285 <pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
286
287 <guid>https://jasper.la/posts/consul-with-smf-on-solaris/</guid>
288 <description>Whilst setting up consul on SmartOS I noticed the packages distributed through pkgsrc were lagging behind a bit and the upstream &ldquo;distribution&rdquo; contains only the consul binary.
289 Running consul -dev in a tmux window will get boring pretty quickly, so I came up with the following SMF manifest using manifold which supports start, stop and refresh (triggers a configuration reload):
290 &lt;?xml version=&#34;1.0&#34;?&gt; &lt;!DOCTYPE service_bundle SYSTEM &#34;/usr/share/lib/xml/dtd/service_bundle.dtd.1&#34;&gt; &lt;!-- Created by Manifold --&gt; &lt;service_bundle type=&#34;manifest&#34; name=&#34;consul&#34;&gt; &lt;service name=&#34;site/consul&#34; type=&#34;service&#34; version=&#34;1&#34;&gt; &lt;create_default_instance enabled=&#34;true&#34;/&gt; &lt;single_instance/&gt; &lt;dependency name=&#34;network&#34; grouping=&#34;require_all&#34; restart_on=&#34;error&#34; type=&#34;service&#34;&gt; &lt;service_fmri value=&#34;svc:/milestone/network:default&#34;/&gt; &lt;/dependency&gt; &lt;dependency name=&#34;filesystem&#34; grouping=&#34;require_all&#34; restart_on=&#34;error&#34; type=&#34;service&#34;&gt; &lt;service_fmri value=&#34;svc:/system/filesystem/local&#34;/&gt; &lt;/dependency&gt; &lt;method_context&gt; &lt;method_credential user=&#34;consul&#34; group=&#34;consul&#34;/&gt; &lt;/method_context&gt; &lt;exec_method type=&#34;method&#34; name=&#34;start&#34; exec=&#34;/usr/local/bin/consul agent -config-dir %{config_dir}&#34; timeout_seconds=&#34;60&#34;/&gt; &lt;exec_method type=&#34;method&#34; name=&#34;stop&#34; exec=&#34;:kill&#34; timeout_seconds=&#34;60&#34;/&gt; &lt;exec_method type=&#34;method&#34; name=&#34;refresh&#34; exec=&#34;:kill -HUP&#34; timeout_seconds=&#34;10&#34;/&gt; &lt;property_group name=&#34;startd&#34; type=&#34;framework&#34;&gt; &lt;propval name=&#34;duration&#34; type=&#34;astring&#34; value=&#34;child&#34;/&gt; &lt;propval name=&#34;ignore_error&#34; type=&#34;astring&#34; value=&#34;core,signal&#34;/&gt; &lt;/property_group&gt; &lt;property_group name=&#34;application&#34; type=&#34;application&#34;&gt; &lt;propval name=&#34;config_dir&#34; type=&#34;astring&#34; value=&#34;/etc/consul.</description>
291 </item>
292
293 <item>
294 <title>Ansible modules for SmartOS imgadm and vmadm</title>
295 <link>https://jasper.la/posts/ansible-modules-for-smartos-imgadm-and-vmadm/</link>
296 <pubDate>Sat, 21 Jan 2017 00:00:00 +0000</pubDate>
297
298 <guid>https://jasper.la/posts/ansible-modules-for-smartos-imgadm-and-vmadm/</guid>
299 <description>As mentioned in an earlier post I&rsquo;d been working on two new Ansible modules; for imgadm(1M) and vmadm(1M). So here I want to demonstrate these new modules which will be part of Ansible 2.3.
300 imgadm The imgadm module allow for managing both images and data sources. Let&rsquo;s start by adding a new data source:
301 - name: Add datasets.at source imgadm: source: 'http://datasets.at/' state: present And we can remove it just as easily:</description>
302 </item>
303
304 <item>
305 <title>Running Ansible in the SmartOS global zone</title>
306 <link>https://jasper.la/posts/running-ansible-in-the-smartos-global-zone/</link>
307 <pubDate>Mon, 02 Jan 2017 00:00:00 +0000</pubDate>
308
309 <guid>https://jasper.la/posts/running-ansible-in-the-smartos-global-zone/</guid>
310 <description>None of the machines I currently run SmartOS on are big enough to run SDC/Triton, so I looked at Rundeck for creating zone definitions. and provisioning new zones as jobs. However Rundeck is unable to dynamically add new option fields. This is required for example in order to manage fields with an arbitrary number of keys, such as the network interfaces or disks.
311 In the meantime I&rsquo;ve wanted to be able to run Ansible on my SmartOS nodes for a while now.</description>
312 </item>
313
314 <item>
315 <title>Fun with Ansible variable interpolation</title>
316 <link>https://jasper.la/posts/fun-with-ansible-variable-interpolation/</link>
317 <pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
318
319 <guid>https://jasper.la/posts/fun-with-ansible-variable-interpolation/</guid>
320 <description>After losing some hair over the question how does Ansible do hiera-style %{} variable interpolation?I figured I&rsquo;d jot down my findings. If nothing else, it&rsquo;ll serve as a handy cheatsheet for future me.
321 Background In Hiera one can do variable interpolation and internal lookups. So that&rsquo;s Hiera calls withing Hiera. Very handy to reduce deplication as it helps to compose variables out of values from other layers in your hierarchy. For example on an office level you can define your gateway, and on a node-level you can re-use the value of the gateway in your per-interface config:</description>
322 </item>
323
324 <item>
325 <title>OpenBSD pkg.conf installpath handling with Ansible</title>
326 <link>https://jasper.la/posts/openbsd-pkg-conf-with-ansible/</link>
327 <pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
328
329 <guid>https://jasper.la/posts/openbsd-pkg-conf-with-ansible/</guid>
330 <description>Probably everyone using Ansible on OpenBSD figured this out already, but I thought it was quite a nifty application of Jinja templating.
331 The way pkg.conf is built when using multiple installpath lines is:
332 installpath = mirror1 installpath += mirror2 The template I settled on is:
333 {# Magic for handling the &#39;=&#39; vs &#39;+=&#39; #} {% if &#39;installpath&#39; in base_openbsd_pkgconf %} {% set first = True -%} {% for i in base_openbsd_pkgconf[&#39;installpath&#39;] %} installpath {% if not first %}+{% endif %}= {{ i }} {% set first = False -%} {% endfor -%} {% endif -%} Where base_openbsd_conf['installpath'] is an array of mirror addresses:</description>
334 </item>
335
336 <item>
337 <title>Ansible pkgin module improvements</title>
338 <link>https://jasper.la/posts/ansible-pkgin-module-improvements/</link>
339 <pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
340
341 <guid>https://jasper.la/posts/ansible-pkgin-module-improvements/</guid>
342 <description>The default pkgsrc package manager for a bunch of platforms, including SmartOS, is pkgin. While working on a role for dsapid (see: Setting up a SmartOS image server) I noticed that several pieces of functionality of pkgin were not supported by the Ansible module.
343 As a result one couldn&rsquo;t use the module in a newly provisioned zone. This was due to the fact that in a fresh zone the pkgin cache is not yet populated, so installing a package would fail.</description>
344 </item>
345
346 <item>
347 <title>Setting up a SmartOS image server</title>
348 <link>https://jasper.la/posts/setting-up-a-smartos-image-server/</link>
349 <pubDate>Tue, 22 Mar 2016 00:00:00 +0000</pubDate>
350
351 <guid>https://jasper.la/posts/setting-up-a-smartos-image-server/</guid>
352 <description>Recently I&rsquo;ve found myself in need of having a local SmartOS image server; while Joyent has a datacenter in Amsterdam, it seems that images are still pulled from the US west coast. After trying various servers and even the plain nginx setup (though that doesn&rsquo;t appear to work anymore with imgadm v3), I finally ran into dsapid. After a bit of research it turns out there&rsquo;s bits and pieces of documentation scattered across the web, so here&rsquo;s one page which tries to bring it all together.</description>
353 </item>
354
355 <item>
356 <title>Docker on SmartOS, the harder way</title>
357 <link>https://jasper.la/posts/docker-on-smartos-the-harder-way/</link>
358 <pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
359
360 <guid>https://jasper.la/posts/docker-on-smartos-the-harder-way/</guid>
361 <description>SmartOS supports running Docker containers through Triton (SmartDataCenter). However I don&rsquo;t have an entire datacenter at my disposal and the recommended specs for Triton are a bit more than the hardware I have available. I just want to run Docker containers on a single machine.
362 A little bit of background: SmartOS supports running native Linux binaries in LX-branded zones through their Linux emulation. This is the base for regular LX-branded zones (behaves like a normal Solaris zone) and thus also allows for pulling images from the Docker Hub and running them unmodified.</description>
363 </item>
364
365 <item>
366 <title>Populating resolv.conf with DCHP on SmartOS zones</title>
367 <link>https://jasper.la/posts/populating-resolv-conf-with-dhcp-on-smartos-zones/</link>
368 <pubDate>Sat, 20 Feb 2016 00:00:00 +0000</pubDate>
369
370 <guid>https://jasper.la/posts/populating-resolv-conf-with-dhcp-on-smartos-zones/</guid>
371 <description>Recently I started to experiment with SmartOS a bit more than my initial ooh, I a working zone&hellip;it&rsquo;s nice weather today. So far I cannot help but feel that SmartOS feels Just Right.
372 At one point I needed to spin up a bunch of OS zones where I didn&rsquo;t care about their IP addresses, thus setting their ip to dhcp. All went well and they got addresses and everything worked, except for DNS.</description>
373 </item>
374
375 <item>
376 <title>Tracking Docker Hub tags</title>
377 <link>https://jasper.la/posts/tracking-docker-hub-tags/</link>
378 <pubDate>Mon, 01 Feb 2016 00:00:00 +0000</pubDate>
379
380 <guid>https://jasper.la/posts/tracking-docker-hub-tags/</guid>
381 <description>Several times during the past weeks I&rsquo;ve found myself in need of a particular tag for a Docker image on the Docker Hub. Upstream released their software and I wanted to deploy the container with the latest version. Of course you can keep reloading the Tags page to see if something new has shown up.
382 So I wrote a little tool called docker-tags. It keeps track of images you want to followand when asked reports either:</description>
383 </item>
384
385 <item>
386 <title>Mutt "end-of-year" cleaning</title>
387 <link>https://jasper.la/posts/mutt-end-of-year-cleaning/</link>
388 <pubDate>Thu, 24 Dec 2015 00:00:00 +0000</pubDate>
389
390 <guid>https://jasper.la/posts/mutt-end-of-year-cleaning/</guid>
391 <description>For some inboxes there&rsquo;s no reason to keep anything beyond a certain date. For example ports-changes@ isn&rsquo;t too relevant to save the emails for an extended period of time. So slowly, but very surely, that mail folder reached 30k messages.
392 While in the past I&rsquo;ve manually deleted a full year of email by putting a weight on the d key (no kidding), there had to be a simpler way. Turns out there is with tagging.</description>
393 </item>
394
395 <item>
396 <title>Golang cross-compiling Docker container</title>
397 <link>https://jasper.la/posts/golang-cross-compiling-container/</link>
398 <pubDate>Tue, 17 Nov 2015 00:00:00 +0000</pubDate>
399
400 <guid>https://jasper.la/posts/golang-cross-compiling-container/</guid>
401 <description>Creating cross-compiled binaries for Go projects is nothing new, and many projects build binaries for more than just linux/amd64, great. Some even build binaries for openbsd/amd64, even better.
402 At the time of writing there&rsquo;s no Go 1.5 port for OpenBSD yet, however there are some projects which requires Go &gt;= 1.5. E.g. filebeat.
403 So I made a simple Docker image which provides a cross-compiler for any supported Go target, but defaulting to openbsd/amd64: jasperla/go-cross.</description>
404 </item>
405
406 <item>
407 <title>Dockerlint</title>
408 <link>https://jasper.la/posts/dockerlint/</link>
409 <pubDate>Fri, 06 Nov 2015 00:00:00 +0000</pubDate>
410
411 <guid>https://jasper.la/posts/dockerlint/</guid>
412 <description>To flex my Coffeescript muscle I wrote a tool called Dockerlinta while ago. At the time there were already several projects with this obvious name, however none actually did The Right Thing. Either they were placeholders/vaporware or they had two checks.
413 Instead of coming up with arbitrary Dos and Donts, Dockerlint follows two documents as set forth by Docker Inc.:
414 Best practices for writing Dockerfiles Dockerfile reference I try to keep up with Docker&rsquo;s insane release schedule (closing in to releasing 4 new major versions each week?</description>
415 </item>
416
417 <item>
418 <title>Switching to Casper (sort of)</title>
419 <link>https://jasper.la/posts/switching-to-casper-sort-of/</link>
420 <pubDate>Tue, 20 Oct 2015 00:00:00 +0000</pubDate>
421
422 <guid>https://jasper.la/posts/switching-to-casper-sort-of/</guid>
423 <description>For a long time I&rsquo;ve been using the Velox theme for this blog. However recently I found myself wanting to use some of the features the default Casper theme now provides. Aside from the fact a lot of work has gone into this theme over the past two years that makes it look really good.
424 The fact that Casper is developed by the same folks who develop Ghost means that new features the Ghost platform provides are integrated into this theme, such as the You might enjoyat the bottom of this page.</description>
425 </item>
426
427 <item>
428 <title>OpenBSD (U)EFI bootloader howto</title>
429 <link>https://jasper.la/posts/openbsd-uefi-bootloader-howto/</link>
430 <pubDate>Mon, 14 Sep 2015 00:00:00 +0000</pubDate>
431
432 <guid>https://jasper.la/posts/openbsd-uefi-bootloader-howto/</guid>
433 <description>Here&rsquo;s a quick howto of getting started with the new UEFI bootloader support in OpenBSD -current. This does assume the entire disk will be allocated by OpenBSD. Dual-booting in an UEFI setup requires extra steps which are not covered here.
434 By far the easiest method is to copy the miniroot58.fs to a USB stick and boot from it. This already includes an EFI boot partition so to be sure the BIOS can correctly boot the new bootloader, start by disabling the Legacy boot option in the BIOS.</description>
435 </item>
436
437 <item>
438 <title>MPD to Sonos with Icecast</title>
439 <link>https://jasper.la/posts/mpd-to-sonos-with-icecast/</link>
440 <pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
441
442 <guid>https://jasper.la/posts/mpd-to-sonos-with-icecast/</guid>
443 <description>Before I switched to Sonos as my primary way of listening to audio I&rsquo;ve used MPD for years. As such I collected a fair amount of audio files that Rdio, Tidal or Spotify claim I&rsquo;m not allowed to stream in my region. And while Sonos is great, there&rsquo;s not really a way to control it the way you can control an MPD server for which there are many clients and libraries.</description>
444 </item>
445
446 <item>
447 <title>Xcode/iOS license reminder</title>
448 <link>https://jasper.la/posts/xcodeios-license-reminder/</link>
449 <pubDate>Wed, 24 Sep 2014 00:00:00 +0000</pubDate>
450
451 <guid>https://jasper.la/posts/xcodeios-license-reminder/</guid>
452 <description>As a Homebrew user I find myself searching on how to agree to the new Xcode/iOS license after every Xcode update when I into the following error message on brew update:
453 Agreeing to the Xcode/iOS license requires admin privileges, please re-run as root via sudo. Error: Failure while executing: git checkout -q master So as a quick reminder for myself; this pops up the new license to agree to:
454 sudo xcrun cc UPDATE, 23 Oct 2015: it seems that Xcode &gt; 7.</description>
455 </item>
456
457 <item>
458 <title>Reinstall your iMac to fix a non-working right click</title>
459 <link>https://jasper.la/posts/reinstall-your-imac-to-fix-a-non-working-right-click/</link>
460 <pubDate>Sat, 13 Sep 2014 00:00:00 +0000</pubDate>
461
462 <guid>https://jasper.la/posts/reinstall-your-imac-to-fix-a-non-working-right-click/</guid>
463 <description>or how nuking my font caches fixed &ldquo;secondary (right) click&rdquo;
464 Here&rsquo;s a short tale that left me flabbergasted earlier this week. Let&rsquo;s first introduce the main characters before embarking on this strange trip.
465 First, the main character, an iMac, model &ldquo;late 2013&rdquo; running OS X 10.9.4, which has been loyally providing it&rsquo;s services for about 10 months, without a single complaint. Next is the &ldquo;Magic Mouse&rdquo;, this device has been tied to it&rsquo;s wireless Bluetooth leash ever since it came along the iMac.</description>
466 </item>
467
468 <item>
469 <title>Portscout for OpenBSD</title>
470 <link>https://jasper.la/posts/portscout-for-openbsd/</link>
471 <pubDate>Tue, 02 Sep 2014 00:00:00 +0000</pubDate>
472
473 <guid>https://jasper.la/posts/portscout-for-openbsd/</guid>
474 <description>Portscout is a neat tool that scans an entire ports tree and then checks the upstream sites for any new releases.
475 This tool was originally written for FreeBSD and this weekend I hacked it up to work on the OpenBSD ports tree too.
476 Welcome, OpenBSD! While adding initial OpenBSD support was surprisingly easy once a few small issues were sorted out (use show=FOO\ BAR instead of chaining -V FOO -V BAR) I actually added some new features to it.</description>
477 </item>
478
479 <item>
480 <title>mPower static IP configuration</title>
481 <link>https://jasper.la/posts/mpower-static-ip-configuration/</link>
482 <pubDate>Thu, 14 Aug 2014 00:00:00 +0000</pubDate>
483
484 <guid>https://jasper.la/posts/mpower-static-ip-configuration/</guid>
485 <description>For many devices it&rsquo;s nice to have them configured with DHCP, like mobile phones. But a powerbar&rsquo;d better have an IP that won&rsquo;t change&hellip;
486 By default the mPower devices come with DHCP enabled (with fallback to 192.168.1.20), in this post we&rsquo;ll have a look at setting a static IP address for both the mPower mini and mPower Pro devices.
487 Now ssh into the device on their pre-configured or DHCP-obtained IP. If it&rsquo;s not been connected to the mFi controller the defaults credentials are ubnt:ubnt.</description>
488 </item>
489
490 <item>
491 <title>Puppetized mFi controller</title>
492 <link>https://jasper.la/posts/puppetized-mfi-controller/</link>
493 <pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
494
495 <guid>https://jasper.la/posts/puppetized-mfi-controller/</guid>
496 <description>Recently I bought a Ubiquiti mPower which is part of their mFi-line of products for home automation. This comes with the mFi controller software which is a standalone Tomcat application used to control various mFi components. These can be smart powerbars, temperature/current/motion sensors, but also custom sensors (more on that later).
497 Since this controller would need to be running 24/7 it seemed like a logical choice to install it on my home server and manage it with Puppet.</description>
498 </item>
499
500 <item>
501 <title>Prism.js additions</title>
502 <link>https://jasper.la/posts/prism-js-additions/</link>
503 <pubDate>Wed, 06 Aug 2014 00:00:00 +0000</pubDate>
504
505 <guid>https://jasper.la/posts/prism-js-additions/</guid>
506 <description>As mentioned before I started with programming VHDL and since I want to blog about that (among other topics), some nice syntax highlighting would help if when code snippets were included.
507 So for syntax highlighting this blog uses Prism, however it lacked support for some languages and formats I work with:
508 Puppet — .pp Yaml (Hiera/Ansible/etc) — .yml VHDL — .vdh User constraint files — .ucf Basic definitions for these languages have been added to jasperla/prism-langs, so feel free to fork and send pull requests with any improvements.</description>
509 </item>
510
511 <item>
512 <title>FPGAs 101</title>
513 <link>https://jasper.la/posts/fpgas-101/</link>
514 <pubDate>Fri, 01 Aug 2014 00:00:00 +0000</pubDate>
515
516 <guid>https://jasper.la/posts/fpgas-101/</guid>
517 <description>After buying a Digilent Basys2 board last year to teach myself programming FPGAs with VHDL I never really sat down for a few hours to get to know the programming environment. Partly because coming from microcontrollers where I&rsquo;d always setup a Makefile to compile my code and program the boards, learning how to use a 14.5 GB piece of software was daunting.
518 However, recently I picked up a copy of FPGAs 101 to kickstart my venture.</description>
519 </item>
520
521 </channel>
522 </rss>