Numeric FilePermissionRights in Windows (Generic Access Rights)


While performing an SMB share permissions review we discovered some file shares with numeric permissions like 268435456 that did not translate to a human-readable permission set (such as FullControl or ReadAndExecute). We wanted to better understand the numeric permissions.


How to stop Ubuntu 20.04 from auto-adding network printers


I noticed something odd today while using a new laptop with Ubuntu 20.04 installed: A network printer was automatically detected and installed without any intervention on my part. The laptop was connected to a WiFi network where the screen was locked for a few minutes. When I came back I found a notification waiting for me on the login screen about a new printer. The notification disappeared after I entered my unlock password or I'd have included an image here.


Infer Docker Registry Hashes for Local Image Layers


In recent weeks I spent some time working on security analysis of Docker container images in an environment that used multiple container registries. The goal of the project was to ensure that application images are built against known-good / certified base images. There was an unforeseen factor that complicated this work: the organizationally approved base images reside in an old Quay Enterprise 2.9.x server that does not support the latest Docker registry API (Image Manifest Version 2, Schema 2), which prohibited a simple check of image layer hashes as the hashes are calculated differently and don't match up.

To get around this I crafted a solution that calculates the 'new' hash for each layer of approved base images and used the calculated layers to compare against application images. If you want to jump to the code, see this repo: InferDockerRegistryHash. For more details, read on below.


Ad-hoc repairs to a failed gitlab-ce upgrade (12.8 -> 13.0.8)


While attempting to upgrade a dockerized instance of gitlab-ce I found a number of error messages like this that caused the upgrade to fail and a rollback to the previous version to fail:

7/6/2020 11:07:37 AM Running handlers:
7/6/2020 11:07:37 AM There was an error running gitlab-ctl reconfigure:
7/6/2020 11:07:37 AM
7/6/2020 11:07:37 AM runit_service[redis] (redis::enable line 66) had an error: Errno::ENOENT: template[/var/log/gitlab/redis/config] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/runit/libraries/provider_runit_service.rb line 136) had an error: Errno::ENOENT: No such file or directory @ realpath_rec - /opt/gitlab/sv/redis/log/config

Minikube 1.6.2 + Cilium 1.6.5 on Ubuntu 19.10


It's time to refresh one of my Minikube installations: I'd like to play around with Cilium some more and Minikube is the most direct route to a functioning test cluster. The last time I set up a Minikube/Cilium was back in 2018 and I hope the installation is more streamlined now.

My purpose in this is to minimize what is installed to my host workstation. I prefer a greater degree of isolation between my host and experiments.


Unifi server controller stops working after upgrade to 5.12.35-12979-1


While upgrading my home network's Unifi server installation I found that the upgrade hung for an abnormally long time and after it 'finished' the web console would not load. Investigating further, it appears that somehow the port configuration for Mongo changed in this (or a prior?) version of the Unifi software, which led to it not being able to communicate with the Mongo server. When addressing this configuration issue I found I had a disk space issue to contend with, so it's been a 'fun' morning.


Work-around: Docker Volumes on Windows without File and Print Sharing


We encountered an issue where a developer was trying to use Docker Desktop for Windows and kept getting a message about being unable to share their local volume. Company security policy disabled File and Printer Sharing at the firewall level which left us with some trouble for people trying to develop in docker on Windows Desktop.

To see the helper script, head over to the GitHub repo.


Windows 10: Disable persistent WiFi Auto-connect


I had an issue where WiFi auto-connect could not be disabled for a corporate WPA2-E network (the "Connect automatically when in range" setting was not persisted). This can be an issue if you want to minimize your exposure to WiFi phishing attacks à la WiFi Pineapple. Searching around I found a way that seems to let me disable the auto-connect.


How to set a pre-existing docker container to start on boot


Sometimes I forget to set the --restart=always on docker containers that should be persistent. Fortunately for me the creators of docker anticipated my use case and provide a quick way for me to rectify the issue.


Work-around for poor handling of High DPI screens in VMware Workstation 14 (Kali Linux)


VMware Workstation 14 does a poor job of handling High DPI screens. Linux VMs running on a laptop with a HiDPI screen don't display at the expected full size. One way to work around this is using xrandr and display scaling from within the virtual machine.