202308¶

vyos upgrade¶

[edit]
vyos@vyos# run add system image https://s3-us.vyos.io/rolling/current/vyos-rolling-latest.iso
Unable to fetch digital signature file.
Do you want to continue without signature check? (yes/no) [yes] yes
Checking MD5 checksums of files on the ISO image...OK.
Done!
What would you like to name this image? [1.4-rolling-202308020317]:
OK.  This image will be named: 1.4-rolling-202308020317
Installing "1.4-rolling-202308020317" image.
Copying new release files...
Would you like to save the current configuration
directory and config file? (Yes/No) [Yes]:
Copying current configuration...
Would you like to save the SSH host keys from your
current configuration? (Yes/No) [Yes]:
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.
[edit]
vyos@vyos# run show system i
The system currently has the following image(s) installed:

   1: 1.4-rolling-202308020317 (default boot)
   2: 1.2.8- (running image)
   3: 1.1.8

[edit]
vyos@vyos# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@vyos# run reboot
Are you sure you want to reboot this system? [y/N] y

変更履歴を記録する ¶

volatileの使い所¶

"volatileの使い方① - 組み込みC/C++"
"volatileの使い方② - 組み込みC/C++"
通常の処理と割り込み関数の両方から使う変数はvolatileで修飾したほうが良い
最適化によって条件分岐の評価が省略されたり，メモリへの展開等が省略される可能性がある．
あるスコープの外で変化しうる変数を扱う際にはvolatileをつけておくほうが良さそう．
- ペリフェラルのレジスタへの参照など．

sshでnegotiate error¶

error
- Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
- Unable to negotiate with x.x.x.x port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
ssh optionでoverrideしたりする(ex. ssh -oHostKeyAlgorithms +ssh-rsa)
- KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- HostKeyAlgorithms +ssh-rsa
- Ciphers +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Pythonがグローバルインタプリタロックの解消へ、マルチスレッド処理の高速化実現－ Publickey ¶

Solid state ミュート回路¶

"求人情報 | ECN"¶

"Terminalizer"¶

`% ln -s ~/<path_to>/HyperlinkHelper ~/Library/Application\ Support/Sublime\ Text/Packages/`¶

PureLiFi Technology: Radio Free Wireless Communications ¶

Tshark | dumpcap ¶

Tshark | mergecap ¶

丸十大屋/蔵膳屋/味マルジュウ【公式】¶

containerでiperf¶

pm run -it --rm -p 5201:5201 networkstatic/iperf3 -s
pm run -it --rm networkstatic/iperf3 -c 127.0.0.1 -t 30
iperfのtips
- udpモードだとdropなしに最大帯域を探るのは難易度が高い．一般的にtcpモードで良いと考えられる．
  - tcp mode: iperf3 -c x.x.x.x -t 30 --get-server-output
  - udpモードで測定するケース
    - 単に負荷がかかればいいケース
    - ジッタ測定をしたいケース
    - 片方向通信のみしか許可されていないなどの特殊環境下にある場合(iperf2)
      - 片方向通信環境でiperf2を使うための下調べ (1)
  - udp mode: iperf3 -c x.x.x.x -t 30 --get-server-output -u -b 10M
- 特に遅延が大きい環境等で，本来の最大帯域をudpモードを利用せずに測定するにはtcpモードにおいてwindowサイズを調整した測定を行うとよい．
  - tcp window size option: -w 60K
ref: iperf での帯域測定検証(tcpモード vs udpモードなど) - Qiita

ドルフィンシステム福島のSDR実験室 ¶

DNS performance test¶

GitHub - DNSPerf/dnsperf: DNS Performance testing tool
- DNS Performance - Compare the speed and uptime of enterprise and commercial DNS services | DNSPerf
- dnsperf -s x.x.x.x -d query.txt
ISC Open Source Projects / queryperf · GitLab
- queryperf -s x.x.x.x -d query.txt

HTTPでs3¶

Authorization headerとしてaccsess key, secret key, bucket, key, date, content-typeから計算される値の付与が必要

たとえばpythonだと下記．

import base64
import hmac
from hashlib import sha1

access_key = 'xxxxx'.encode("UTF-8")
secret_key = 'yyyyy'.encode("UTF-8")
bucket='test_bucket'
key='test.txt'
date='Fri, 21 Apr 2023 15:28:00 GMT'
content_type="application/octet-stream"

# StringToSign = {HTTP-Verb} + "\n" +
#   {Content-MD5} + "\n" +        # GETでは省略可
#   {Content-Type} + "\n" +       # GETでは省略可
#   {Date} + "\n" +
#   {CanonicalizedAmzHeaders} +
#   {CanonicalizedResource};      # GETでは省略可

string_to_sign = f'GET\n\n{content_type}\n{date}\n/{bucket}/{key}'.encode("UTF-8")
signature = base64.b64encode(hmac.new(secret_key, string_to_sign, sha1).digest()).strip()
authorization_header=f"AWS {access_key.decode()}:{signature.decode()}"

curl --request POST 'https://example.com/{bucket}/{key}' \
  --header 'Host: example.com' \
  --header 'Date: {date}' \
  --header 'Content-Type: application/octet-stream' \
  --header 'Authorization: {authorization_header}' \
  --data-raw '{data}'

date, content-typeはhttp headerの値と同値にしておく必要がある．
- 特にdateは大きく乖離している場合に認証が通らない．基本同一とすることが望ましい．
References

iptablesでicmp floodを切る¶

ddos対策とかに．
前提
- echo reply
  - ipv4: 0
  - ipv6: 129
- echo request
  - ipv4:8
  - ipv6: 128
- type ref:
  - iptables -p icmp -h
  - ip6tables -p ipv6-icmp -h
limitで単純に制限をかける

iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT

単純なlimitだと着弾したもの全てに対するカウントになってしまう．この場合，不正な通信により正常な通信も落とされる恐れがある． source ip別等でquotaを持ちたい場合はhashlimitを用いると可能．

iptables  -A INPUT -p icmp --icmp-type 8 \
-m conntrack --ctstate NEW,RELATED,ESTABLISHED -m hashlimit --hashlimit-name PING --hashlimit 15/sec --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-htable-expire 300000 -j ACCEPT

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 \
-m conntrack --ctstate NEW,RELATED,ESTABLISHED -m hashlimit --hashlimit-name PING6 --hashlimit 15/sec --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-htable-expire 300000 -j ACCEPT

# hashtableを確認できる
cat /proc/net/ipt_hashlimit/PING
cat /proc/net/ipt_hashlimit/PING6

$ iptables -p icmp -m hashlimit -h
  ...snip...
  --hashlimit-upto <avg>           max average match rate
                                   [Packets per second unless followed by
                                   /sec /minute /hour /day postfixes]
  --hashlimit-above <avg>          min average match rate
  --hashlimit-mode <mode>          mode is a comma-separated list of
                                   dstip,srcip,dstport,srcport (or none)
  --hashlimit-srcmask <length>     source address grouping prefix length
  --hashlimit-dstmask <length>     destination address grouping prefix length
  --hashlimit-name <name>          name for /proc/net/ipt_hashlimit
  --hashlimit-burst <num>          number to match in a burst, default 5
  --hashlimit-htable-size <num>    number of hashtable buckets
  --hashlimit-htable-max <num>     number of hashtable entries
  --hashlimit-htable-gcinterval    interval between garbage collection runs
  --hashlimit-htable-expire        after which time are idle entries expired?

uptoとaboveは逆の働きをするので，ACCEPTとDROPで使い分けができる．
burstは理解が難しいが，下記のようなケースで活用できる
- 感覚的にはダイナミクスでいうゲートのような感覚．burst閾値を超えるとrate limitが初めて発動する．
- 512kb/s を超過するとマッチするが、 1mb に達するまではマッチせず許可する
  - --hashlimit-above 512kb/s --hashlimit-burst 1mb
ref: iptables アクセス回数を制限する - セキュリティ
ref: Understanding iptable’s hashlimit module | Poorly Documented

WebRTC コトハジメ · GitHub ¶

More secure private attachments - The GitHub Blog ¶

下駄，雪駄，草履の違い¶

下駄
- 木からなる台に穴が３つ空いていて、そこに花緒をすげられるもの
- 桐でできているもの
草履
- 草履の方が広い意味であり、雪駄は草履の一種
- コルク材に革や布などを巻き、重ね、底・天を整形した履物
- 下駄よりも格式が高い
- 男女ともに用いる
- 雪駄
  - 畳表の裏には革が縫い付けられている
  - 踵には金具がついていて、歩くとチャリチャリと存在感のある音が鳴る
  - かつては男性の履物
ref: 下駄と雪駄と草履の違い～目利きポイント～　―下駄コラム―丸屋履物店

ttyを強制切断する¶

root@xxx# w
 02:22:11 up 44 min,  2 users,  load average: 1.12, 1.08, 1.01
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
jp7fkf   pts/0    x.x.x.x          01:42    2:19   2.47s  0.34s ssh x.x.x.x
jp7fkf   pts/1    x.x.x.x          02:20    0.00s  1.28s  0.19s sshd: jp7fkf
root@xxx# ps -lt pts/0
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S  1000 10038 10035  1  80   0 -  1109 wait   pts/0    00:00:00 vbash
4 S     0 10050 10038  0  80   0 -  1440 poll_s pts/0    00:00:00 sudo
4 S     0 10054 10050  0  80   0 -  1330 wait   pts/0    00:00:00 su
4 S     0 10059 10054  4  80   0 -  1255 wait   pts/0    00:00:00 bash
0 R     0 10065 10059  0  80   0 -  1486 -      pts/0    00:00:00 ps
root@xxx# kill 10038

zabbix on docker¶

GitHub - zabbix/zabbix-docker: Official Zabbix Dockerfiles

zabbix verup 4.4.6 to 6.0-latest¶

DB schema change

jp7fkf@dch01:~/zabbix/zabbix-docker-6.0$ docker exec -it zabbixdocker60_postgres-server_1 bash
bash-5.1# psql -U postgres zabbix
psql (10.23)
Type "help" for help.

zabbix=# ALTER TABLE ONLY trends
zabbix-# ALTER COLUMN value_min TYPE DOUBLE PRECISION,
zabbix-# ALTER COLUMN value_min SET DEFAULT '0.0000',
zabbix-# ALTER COLUMN value_avg TYPE DOUBLE PRECISION,
zabbix-# ALTER COLUMN value_avg SET DEFAULT '0.0000',
zabbix-# ALTER COLUMN value_max TYPE DOUBLE PRECISION,
zabbix-# ALTER COLUMN value_max SET DEFAULT '0.0000';
ALTER TABLE
zabbix=# ALTER TABLE ONLY history
zabbix-# ALTER COLUMN value TYPE DOUBLE PRECISION,
zabbix-# ALTER COLUMN value SET DEFAULT '0.0000';
ALTER TABLE
zabbix=#
zabbix=# ^D\q
bash-5.1#
exit

DB log

jp7fkf@dch01:~/zabbix/zabbix-docker-6.0$ docker-compose up postgres-server
WARNING: Some services (zabbix-agent, zabbix-server, zabbix-web-nginx-pgsql) use the 'deploy' key, which will be ignored. Compose does not support 'deploy' configuration - use `docker stack deploy` to deploy to a swarm.
Starting zabbixdocker60_postgres-server_1 ...
Starting zabbixdocker60_postgres-server_1 ... done
Attaching to zabbixdocker60_postgres-server_1
postgres-server_1         | The files belonging to this database system will be owned by user "postgres".
postgres-server_1         | This user must also own the server process.
postgres-server_1         |
postgres-server_1         | The database cluster will be initialized with locale "en_US.utf8".
postgres-server_1         | The default database encoding has accordingly been set to "UTF8".
postgres-server_1         | The default text search configuration will be set to "english".
postgres-server_1         |
postgres-server_1         | Data page checksums are disabled.
postgres-server_1         |
postgres-server_1         | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres-server_1         | creating subdirectories ... ok
postgres-server_1         | selecting dynamic shared memory implementation ... posix
postgres-server_1         | selecting default max_connections ... 100
postgres-server_1         | selecting default shared_buffers ... 128MB
postgres-server_1         | selecting default time zone ... UTC
postgres-server_1         | creating configuration files ... ok
postgres-server_1         | running bootstrap script ... ok
postgres-server_1         | performing post-bootstrap initialization ... sh: locale: not found
postgres-server_1         | 2023-08-18 22:53:40.816 UTC [30] WARNING:  no usable system locales were found
postgres-server_1         | ok
postgres-server_1         | syncing data to disk ... initdb: warning: enabling "trust" authentication for local connections
postgres-server_1         | You can change this by editing pg_hba.conf or using the option -A, or
postgres-server_1         | --auth-local and --auth-host, the next time you run initdb.
postgres-server_1         | ok
postgres-server_1         |
postgres-server_1         |
postgres-server_1         | Success. You can now start the database server using:
postgres-server_1         |
postgres-server_1         |     pg_ctl -D /var/lib/postgresql/data -l logfile start
postgres-server_1         |
postgres-server_1         | waiting for server to start....2023-08-18 22:53:42.655 UTC [36] LOG:  starting PostgreSQL 14.9 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924, 64-bit
postgres-server_1         | 2023-08-18 22:53:42.658 UTC [36] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-server_1         | 2023-08-18 22:53:42.690 UTC [37] LOG:  database system was shut down at 2023-08-18 22:53:42 UTC
postgres-server_1         | 2023-08-18 22:53:42.704 UTC [36] LOG:  database system is ready to accept connections
postgres-server_1         |  done
postgres-server_1         | server started
postgres-server_1         | CREATE DATABASE
postgres-server_1         |
postgres-server_1         |
postgres-server_1         | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres-server_1         |
postgres-server_1         | waiting for server to shut down....2023-08-18 22:53:42.959 UTC [36] LOG:  received fast shutdown request
postgres-server_1         | 2023-08-18 22:53:42.963 UTC [36] LOG:  aborting any active transactions
postgres-server_1         | 2023-08-18 22:53:42.967 UTC [36] LOG:  background worker "logical replication launcher" (PID 43) exited with exit code 1
postgres-server_1         | 2023-08-18 22:53:42.967 UTC [38] LOG:  shutting down
postgres-server_1         | 2023-08-18 22:53:43.011 UTC [36] LOG:  database system is shut down
postgres-server_1         |  done
postgres-server_1         | server stopped
postgres-server_1         |
postgres-server_1         | PostgreSQL init process complete; ready for start up.
postgres-server_1         |
postgres-server_1         | 2023-08-18 22:53:43.121 UTC [1] LOG:  starting PostgreSQL 14.9 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924, 64-bit
postgres-server_1         | 2023-08-18 22:53:43.121 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
postgres-server_1         | 2023-08-18 22:53:43.121 UTC [1] LOG:  listening on IPv6 address "::", port 5432
postgres-server_1         | 2023-08-18 22:53:43.133 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres-server_1         | 2023-08-18 22:53:43.155 UTC [51] LOG:  database system was shut down at 2023-08-18 22:53:42 UTC
postgres-server_1         | 2023-08-18 22:53:43.170 UTC [1] LOG:  database system is ready to accept connections
postgres-server_1         | 2023-08-18 22:53:45.802 UTC [63] FATAL:  role "postgres" does not exist
postgres-server_1         | 2023-08-18 22:53:54.682 UTC [71] FATAL:  role "root" does not exist
postgres-server_1         | 2023-08-18 22:53:57.501 UTC [73] FATAL:  role "postgres" does not exist
postgres-server_1         | 2023-08-18 22:54:59.298 UTC [82] ERROR:  cannot drop the currently open database
postgres-server_1         | 2023-08-18 22:54:59.298 UTC [82] STATEMENT:  DROP DATABASE zabbix;
postgres-server_1         | 2023-08-18 22:54:59.302 UTC [82] ERROR:  role "postgres" does not exist
postgres-server_1         | 2023-08-18 22:54:59.302 UTC [82] STATEMENT:  DROP ROLE postgres;
postgres-server_1         | 2023-08-18 22:54:59.303 UTC [82] ERROR:  current user cannot be dropped
postgres-server_1         | 2023-08-18 22:54:59.303 UTC [82] STATEMENT:  DROP ROLE zabbix;
postgres-server_1         | 2023-08-18 22:54:59.303 UTC [82] ERROR:  role "zbx_monitor" does not exist
postgres-server_1         | 2023-08-18 22:54:59.303 UTC [82] STATEMENT:  DROP ROLE zbx_monitor;
postgres-server_1         | 2023-08-18 22:54:59.309 UTC [82] ERROR:  role "zabbix" already exists
postgres-server_1         | 2023-08-18 22:54:59.309 UTC [82] STATEMENT:  CREATE ROLE zabbix;
postgres-server_1         | 2023-08-18 22:54:59.311 UTC [82] ERROR:  permission denied to create role
postgres-server_1         | 2023-08-18 22:54:59.311 UTC [82] STATEMENT:  CREATE ROLE zbx_monitor;
postgres-server_1         | 2023-08-18 22:54:59.311 UTC [82] ERROR:  role "zbx_monitor" does not exist
postgres-server_1         | 2023-08-18 22:54:59.311 UTC [82] STATEMENT:  ALTER ROLE zbx_monitor WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'xxxxx';
postgres-server_1         | 2023-08-18 22:54:59.312 UTC [82] ERROR:  role "zbx_monitor" does not exist
postgres-server_1         | 2023-08-18 22:54:59.312 UTC [82] STATEMENT:  GRANT pg_monitor TO zbx_monitor GRANTED BY postgres;
postgres-server_1         | 2023-08-18 22:54:59.316 UTC [82] ERROR:  permission denied to create database
postgres-server_1         | 2023-08-18 22:54:59.316 UTC [82] STATEMENT:  CREATE DATABASE zabbix WITH TEMPLATE = template0 OWNER = zabbix;
postgres-server_1         | 2023-08-18 22:59:01.025 UTC [92] ERROR:  canceling autovacuum task
postgres-server_1         | 2023-08-18 22:59:01.025 UTC [92] CONTEXT:  while scanning block 100784 of relation "public.history_uint"
postgres-server_1         |   automatic vacuum of table "zabbix.public.history_uint"
postgres-server_1         | 2023-08-18 23:01:18.003 UTC [52] LOG:  checkpoints are occurring too frequently (28 seconds apart)
postgres-server_1         | 2023-08-18 23:01:18.003 UTC [52] HINT:  Consider increasing the configuration parameter "max_wal_size".
^CGracefully stopping... (press Ctrl+C again to force)
Stopping zabbixdocker60_postgres-server_1 ... done

postgres DB verup

jp7fkf@dch01:~/zabbix/zabbix-docker-6.0$ cat backup.sql | docker exec -i zabbixdocker60_postgres-server_1 psql --username zabbix

2x4 Stud End Cap by skear - Thingiverse ¶

GitHub - tianon/gosu: Simple Go-based setuid+setgid+setgroups+exec ¶

GitHub - kognise/arpchat: Answering the question nobody asked: what if you wanted to text your friends using only ARP?¶

誤りを認める練習 - 覚書 ¶

時雨堂を支える採用 · GitHub ¶

Engine Simulator - 内燃機関をシミュレートしリアルなエンジンサウンドを生成可能なオープンソースツール！¶

GitHub - ange-yaghi/engine-sim: Combustion engine simulator that generates realistic audio.

他人がはやく読めるコードを書くために - Speaker Deck ¶

開発で使えるJOJOの名言集 · GitHub ¶

None ¶

GitHub - meilisearch/meilisearch: A lightning-fast search engine that fits effortlessly into your apps, websites, and workflow.¶

日本語対応なRust製全文検索

Brilliant Jerks in Engineering ¶

GitHub - voluntas/webapp-sqlite-template ¶

GitHub - voluntas/webapp-template ¶

GitHub - zabbix/community-templates: Zabbix Community Templates repository ¶

s3 compatible open source storage¶

GitHub - krallin/tini: A tiny but valid `init` for containers ¶

netbox upgrade¶

Home · netbox-community/netbox-docker Wiki · GitHub
Docker
Updating · netbox-community/netbox-docker Wiki · GitHub
Upgrading NetBox - NetBox Documentation
[NetBox] NetBox(v2.10.3 → v2.10.4)とnetbox-docker(0.27.0 → 1.0.2)のアップグレード - zaki work log
upgrad, compati, earlier あたりの単語でreleasesを検索してmanual対応が必要なケースがないかを確認するとよい．

SQL SELECT文の記述順序と実行順序¶

- 記述順序
  - SELECT
  - FROM
  - WHERE
  - GROUP BY
  - HAVING
  - ORDER BY
  - LIMIT
- 実行順序
  - FROM
  - WHERE
  - GROUP BY
  - SELECT
  - HAVING
  - ORDER BY
  - LIMIT