28 June 2020

A Month!!!

We hope that all of you are keeping well and in reasonable health.

Yes, yes, it’s been a month. Sorry to those of you who worry. We’re all okay here. And for a couple of weeks, we were okay up in Maine, too!

The view of the lake from the door of the camp, in the middle of Maine.

Three days before we left for Maine, we learned that they had updated the rules for out-of-state visitors. If we could show proof of a negative COVID-19 test taken within three days of arriving in Maine, we could forgo the otherwise mandatory two-week strict quarantine. We found a clinic, got a test each, and on Friday evening we got our negative test results. 12 hours later, we were on the road to Maine.

Lexi  (our chipuggle mutt) likes hanging out in Maine, too!

It was a lovely two weeks, the best run of weather we’ve had in our many trips up there. The fishing was fun, the catching was … sparse, at best. The best bit about not needing to quarantine is that we could spend time with Marcia’s sister. We didn’t do much in the way of tourist-ish stuff, out of an abundance of caution. But it was really quite relaxing.

The garden lives, that’s good, and I’ve weeded them out. The lawns are now mowed again. And I’m back to work, mostly remote as before, tomorrow morning.

Winding Down

Our condolences to the family and friends of Spc. Nick Bravo-Regules, 20, from Largo, Florida, who died on June 23, 2020, in Jordan while supporting operations in the U.S. Central Command area of responsibility, from a non-combat-related incident.

28 May 2020

Rather Closer to the End

Well, the beginning was a good long time ago. And one thing I can always take away from the Drake Equation is that a primary reason that we’re alone is because civilizations just don’t last long enough to get past the deeply stupid stage that follows the enlightenment. Whether we do it to ourselves, or Giant Asteroid ’20 does the job for us, the bell is tolling.

I know, I’m a cheery sort of bloke, eh? You look at the news. I’ll go back to the small shit that I have control over. Like …

The garden is alive. Almost two weeks and nothing’s dead yet. On Saturday I’ll take off the bird netting, weed out the beds, and set the tomato plant cages. Yay!

SSH Agent Persistence vs CSH/TCSH

Y’all can skip this part if you want. It’s here as much for me to find it again if I ever need it as for anyone in Greater OutThereLandia.

The problem is “simple”. I have a group of systems I’m responsible for. The developers have a whole suite of scripts and processes based on the fact that they use the modern incarnation of the C shell, tcsh. I’m migrating them to newer platforms, and newer code repositories, remote code repositories. Access to these repositories requires SSH access. SSH key pairs are the answer to the problem, but the private key requires a passphrase to meet our security requirements.

Persistence across multiple login sessions is the key for the developers. Once they have an active login session on the platform, they want to leverage their SSH authentication without re-entering the passphrase each time it’s needed, or even each time they log in (simultaneous sessions) on the system.

All the tools I have laying about for managing persistent SSH keys across multiple sessions are pretty much Bourne shell based, and mostly I use a tool called keychain, written a while back by Daniel Robbins of Gentoo fame. I needed to find out how other people are solving this problem for csh/tcsh users.

What I learned is that not very many people are using csh/tcsh anymore. BUT. But, I found Mark A. Hershberger, who many moons ago wrote a page about managing SSH Agent via scripts, with a link to a sub-page with solutions for alternate shells (like tcsh/csh) – http://mah.everybody.org/docs/ssh-agent-startup … yes, that’s a plain HTTP link, no SSL, and your browser will hate it. Don’t worry, you’re not logging in or doing any banking there.

This was an awesome find for someone like me that spends little or no time in tcsh, but knows that it’s a bit of a janky environment for scripting things. I read, understood, and implemented the script as written. It didn’t work. Sigh. After a couple of hours complete with gnashing of teeth and pulling of hair, it turns out I was getting clobbered by a default feature of the environment called noclobber, which effectively prevented me from overwriting a file that already exists via redirection. So, if noclobber is set (which is part of the environment for these devs), then this code won’t work, if the target file, /tmp/blue.txt, already exists:

echo "I've got the blues!" > /tmp/blue.txt

Once I learned about noclobber, and determined that I could not unset it and leave it unset because of user expectations, I found that I could force the overwrite with the judicious application of a ‘!’ character to decorate the redirection. This works, whether or not /tmp/blue.txt exists:

echo "I've got the blues!" >! /tmp/blue.txt

With that problem out of the way, I was able to get the code to run at login. Then I started piecing together the logic I wanted to actually apply for these development users. For login, look for a file that defines an existing SSH Agent session. If that file doesn’t exist, or if it contains information about a defunct session, it will start a new SSH Agent session. If there’s a running SSH Agent session, it’ll check to ensure the key is loaded, and prompt to load it if needed. So, this code goes into the user’s .login file in their home directory:

set sshAgent=/usr/bin/ssh-agent
set sshAgentArgs="-c"
set tmpFile=~/.ssh/ssh-agent-info
#
# Check for existing ssh-agent process
#
if ( -s $tmpFile ) source $tmpFile
# echo $SSH_AGENT_PID   # debug only: aborts .login when the variable is unset
if ( ! $?SSH_AGENT_PID ) then
  # echo "No $tmpFile, starting new agent..."
  $sshAgent $sshAgentArgs | head -2 >! $tmpFile
  source $tmpFile
  echo "ssh agent started [${SSH_AGENT_PID}]"
  ssh-add
else
  # the tmpfile was present with data, check it...
  # echo "Found $tmpFile, check data"
  # Test the pipeline's exit status directly. Capturing multi-word output
  # with set var=`...` makes csh treat the extra words as variable names,
  # and ps -p matches the exact PID rather than any line containing it.
  ps -p ${SSH_AGENT_PID} | grep ssh-agent >& /dev/null
  # start ssh-agent if status is nonzero
  if (( $status != 0 ) && ( -x "$sshAgent" )) then
    # tmpFile exists, but stale data
    $sshAgent $sshAgentArgs | head -2 >! $tmpFile
    source $tmpFile
    echo "ssh agent started [${SSH_AGENT_PID}]"
    ssh-add
  else
    # Agent running, ensure a key is present
    # (ssh-add -l exits nonzero when the agent holds no identities)
    ssh-add -l >& /dev/null
    if ( $status != 0 ) then
      # need to add key
      ssh-add
    endif
  endif
endif

The original script for exiting the session would kill the SSH Agent outright. This is not so useful if you still have other login sessions running. So I wrote a few lines to attempt to ensure that only when the last running login was being exited, would the SSH Agent be reaped. This code goes in the user’s .logout file in their home directory:

set tmpFile=~/.ssh/ssh-agent-info
set sessCount=`w | grep $user | wc -l`
if ( $sessCount == 1 ) then
  # last user, clear out the ssh-agent
  eval `ssh-agent -c -k`
  /bin/rm $tmpFile
endif

And the solution works. The developers are minimally unhappy about the increased security wrapped around access to the code base, because they know I worked to make it as painless as possible while meeting policy requirements. It could always be more robust, but I tried to get all the common failure cases, and mostly the resolution to something I didn’t catch is for the user to log out of all of their sessions, then log back in again to reset.

Winding Down

Our condolences to the family and friends of 1st Lt. Trevarius Ravon Bowman, 25, from Spartanburg, South Carolina, who died on May 19, 2020, in Bagram Air Force Base, Afghanistan, from a non-combat-related incident.

Our hearts go out to the families who have lost loved ones to COVID-19. Y’all, socially distance, wear a mask when you need to (indoors around other people for sure), and WASH YOUR DAMNED HANDS way more often.

Please don’t be one of the people who want to go into retail (or any other) businesses without a mask. Don’t be one of the people trying to up your chances of being DEAD by the time the General Election rolls around. Even if you don’t care for yourself, do you want to get ill, pass it on to an elderly parent (or a young child) and have them DIE because you’re behaving like a petulant child yourself? No, no, I understand that your role model in this case does indeed behave much like a petulant child. Don’t follow that particular lemming off the cliff. Stop. Think. Listen to medical professionals and keep safe.

I love you ALL.

17 May 2020

Spring, huh?

So, since we last were here together, we had several more overnight freezes. Sadly, at least one of them was a surprise. So one night I didn’t tarp the garden beds, and everything died. Yup, all of it. So I started over. Rototilled again, raked it all out flat again, bought new plants again, and got ready to put them in the ground, again:

Two garden beds ready for planting... again. Tomatoes and peppers in ready for transplanting into the soil.

We’re not due for anything below 48F in the next ten days, so I expect that we’re actually done with overnight frosts. (Famous last words). But the plants look good, and since I did that work yesterday, everything is still alive:

Plants in the ground

Right now I’ve just got a variety of tomatoes and peppers, since those are what I want most. I’ll probably pick up some herbs and some beans to go in, in the next few days.

Lexi the mutt at my office window (Lexi TV)

While it remains spring-ish, Lexi likes watching “Lexi TV”, quivering and growling at the vicious bushy-tailed rats (squirrels) invading her back yard.

Winding Down

Our condolences to the family and friends of Sgt. Christopher Wesley Curry, 23, from Terre Haute, Indiana, who died on May 4, 2020 in Erbil, Iraq, from a non-combat-related incident.

Marcia has been baking up a storm, and, well, I love it. I’m ordering some double doors to install in all the door frames, and getting pricing information on the necessary permits…. but it’s all delicious!

We continue, reasonably healthy, mostly home-bound, wondering what the idiots are going to say next.

The bright spot is that our state, in the process of putting off the primary, did so to ensure that this was a vote-by-mail election. We received our ballots, and our instructions in Spanish, completed and mailed them. Yesterday, the instructions in English arrived. Ah, well. We were able to figure it out. Pleased that unlike some Republican-led states, ours was sane enough to ensure that people didn’t have to stand in close proximity to each other to exercise their constitutional right to vote. Yay, Maryland!

Be safe, stay home as much as possible, mask and socially distance when you must be out. Please. If not for yourself, then for the people who love you and will miss you when you die of covid-19, with complications of politics and lack of sanity.

3 May 2020

Nothing to Report

Seriously. Boring is great, by comparison with the many things that could be going wrong. The garden is alive. We’re alive. Life is (distantly) okay. That’s good enough, right? Be well.

20 April 2020

Fun with WordPress

Note – this is a discussion and solution for a technical problem for a WordPress instance that uses an SSL certificate signed by a non-public CA. If you don’t care about this sort of thing, please move your eyes down to the next section.

The error text that I saw in the new-to-me Site Health page following upgrading to WordPress 5.4:

cURL error 60: SSL certificate problem: unable to get local issuer certificate

The error above was generated because WordPress/PHP couldn’t verify the site certificate. When this is broken, the impact can be significant on a WordPress instance. Some features just don’t work quite right. Auto updating can fail, and so on.

The context here is that for a variety of internal and external sites, I use site-specific SSL certificates that are signed by our internal CA. That’s a good thing, because prior to Let’s Encrypt, it was easy to spend a bunch of money on SSL certificates from a reputable source. We won’t discuss the non-reputable sources. Since I’m using an external resource for caching and web app firewalling, I am able to use the internally signed certificate for several external sites as well.

With the most recent update adding Site Health as a core feature, this error surfaced for me on a couple of sites. It took a couple of hours and some false starts before I found this solution.

In the WordPress file tree, there’s a file at wp-includes/certificates/ca-bundle.crt (using UNIX-style slashes). This is the file of CA certificates that WordPress and the PHP functions use to verify a certificate is valid. Trying to get WordPress and PHP to use the system CA certs file (which has my Root Certificate added as a trust source) was a non-starter, although I tried. So I copied the text of my Internal Root Certificate into the wp-includes/certificates/ca-bundle.crt file. Boom! Problem solved … for now.

The downside of this solution is that any given WordPress update in the future may (will?) overwrite that file with newer info, and will once again exclude my Internal Root Certificate. So I created a text file that contained an identifying header string and the Internal Root Certificate. I then wrote a shell script to check the wp-includes/certificates/ca-bundle.crt for that header string, and if not found, adds the content of the text file to the ca-bundle.crt file. That shell script runs once a day in the wee hours of the morning.

Now, anytime there’s a WordPress update that overwrites ca-bundle.crt, by the next morning, the Internal Root CA certificate will be back in place, and things will continue humming along nicely.
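
One way to write the daily check described above, as an added example (not the author's script). The marker string, the snippet-file layout (marker line followed by the PEM certificate) and the 644 file mode are assumptions.

```sh
#!/bin/sh
# Added example: re-append an internal root CA to WordPress's CA bundle when
# an update has overwritten it. Idempotent, so it is safe to run from cron.
# Assumption: the snippet file holds the marker line, then the PEM certificate.
# The marker text is a made-up placeholder.
MARKER='# BEGIN internal-root-ca (example marker)'

# ensure_ca_in_bundle BUNDLE SNIPPET
# Prints "present" or "added". Returns non-zero and leaves BUNDLE untouched
# if either file is missing or the snippet is not marker + PEM certificate.
ensure_ca_in_bundle() {
    bundle=$1
    snippet=$2

    [ -f "$bundle" ]  || { echo "missing bundle: $bundle" >&2; return 2; }
    [ -r "$snippet" ] || { echo "missing snippet: $snippet" >&2; return 2; }

    # Whatever is appended becomes a trust anchor, so check its shape first.
    grep -qxF -- "$MARKER" "$snippet" ||
        { echo "snippet lacks marker line" >&2; return 3; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$snippet" &&
    grep -q -- '-----END CERTIFICATE-----' "$snippet" ||
        { echo "snippet lacks a PEM certificate" >&2; return 3; }

    # Marker already in the bundle: the update has not replaced the file.
    if grep -qxF -- "$MARKER" "$bundle"; then
        echo present
        return 0
    fi

    # Build the new bundle beside the old one and rename it into place, so
    # PHP never reads a half-written file.
    tmp=$(mktemp "${bundle}.XXXXXX") || return 4
    if cat "$bundle" > "$tmp" && printf '\n' >> "$tmp" && cat "$snippet" >> "$tmp"; then
        # mktemp creates the file 0600; 644 (assumed) lets the web server read it.
        chmod 644 "$tmp" && mv -f "$tmp" "$bundle" && { echo added; return 0; }
    fi
    rm -f "$tmp"
    return 4
}

# Cron usage: this-script <wordpress>/wp-includes/certificates/ca-bundle.crt <snippet-file>
if [ "$#" -eq 2 ]; then
    ensure_ca_in_bundle "$1" "$2"
fi
```

Keep the snippet file writable only by its owner, because its contents are trusted for every outbound HTTPS request WordPress makes once they reach the bundle.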

Staying at Home

We continue to stay at home, which is a good thing.

I’ll ask you to determine for yourself if it’s a good thing that some people who, for reasons of politics, mistrust etc., continue to gather in groups, putting themselves and their loved ones at heightened risk of severe illness and death. I personally would rather that people be sane and safe. But bailing any water at all from the deeply stupid side of the gene pool can only be for the good of humanity, in the long term.

I didn’t do any yardwork this weekend. We did a number of other inside chores, including re-loading shelves and such after dealing with a multi-phased ant invasion.

Additionally, on the yardwork front, I will point out that planting veggies HAS brought the usual effects on to our region: We had two overnight frosts in the last week, and we’re due for one more on Tuesday night. I’ve been tarping the veggie beds for those events, and so far haven’t lost plants to them.

Happy Dog

While I was dealing with a training event late last week, I ran across the first picture we took of Lexi on her gotcha date, March 27, 2010:

Our first picture of Lexi the chipuggle mutt, taken on March 27, 2010.
Lexi’s First Photo Op

Winding Down

Nothing particular to report here. Be well, okay?

13 April 2020

Health and Safety

We’re continuing on the bored, stir-crazy, and physically healthy trend here. We hope that all is well with you and yours.

Yard Work

Aside from working from home, and some indoor chores, most of my “spare” time has been given over to further yard work. During the week, I took half a day off. The first hour of that was conveying the dog to her second round of annual shots at the veterinary clinic. The rest involved picking up some veggies and a tray of flowers, then getting the veggies into the raised beds.

I started by removing last year’s landscape fabric and preparing the beds for tilling:

Two garden beds ready for tilling

Turning over the soil in those two beds, with a bit of amendment in the form of sterilized manure, was a matter of barely 15 minutes. That was followed by raking out and leveling the beds, and getting the plants installed.

Veggies installed in garden beds.

I haven’t yet set up the watering – it really isn’t needed at this time of year. And from today’s vantage, several of those tomato seedlings (in the near box) are already failing. I’ll have to pick up some more robust ones soon.

On the weekend, I continued working on the front yard. My primary focus was making that bed where the extracted tree once lived nice again. So on Saturday, I used the pick axe to turn over the soil in large chunks, and remove as many of the roots as I might. Then I used the tiller to turn the soil over and make it manageable. I raked and shaped the bed, then covered the back section with landscape fabric to keep the weeds down. Finally I mulched the whole bed. I continued with a few more bedding sections, with the eventual goal of getting the front yard in shape. I’m about half done. But here’s how that mound came out:

Mound, made pretty

Winding Down

DoD announced no new casualties in the last week.

Side note – I was up for a few hours during the night, comforting a dog terrified by the intermittent thunder. She’d just start to settle down, then another boom would wind her up again. Now, of course, I’ve got to work, and she’s curled up in a ball beside my chair, asleep and snoring. Sigh.

5 April 2020

Spring Chores

Turns out that the seasons roll by regardless of stay at home orders… Late last fall, during the cleanup, it was clear that the spruce that adorned the left side of the front yard was just about done.

The failing spruce

By February this year, there was no green left to it. This weekend: last rites were administered. Using the pole saw and the small electric chainsaw, I took the tree and both small shrubberies out, along with doing a fair bit of other spring front yard cleanup.

Today, my big hope was that the odd angle of lean was indicative of a shallow, shoddy root system. My hopes were fulfilled.

Stump removal

I first weeded out the bed, preserving the tiger lilies. Then I dug out stumps, starting with the two shrubs, then attacking the spruce stump. I trenched around that with the pickaxe, to a depth of about a foot, then started undercutting it. After a couple of hours of work just on this stump, I got a long 2×4 underneath one edge and broke it free of the remaining roots. Then I worked it up on its side onto a couple of short lengths, and was ready to knock the dirt out before hauling that off. I filled in the shallow hole and called it a day.

Our schedule remains the same – mostly home. I’ll go to the office for half a day this week, and on Wednesday there are two outings – in the morning, we’ll take the dog for the rest of her annual shots, then in the afternoon, we’ll go to pick up the groceries that we ordered on Friday.

Winding Down

Our condolences to the family and friends of Sgt. 1st Class John David Randolph Hilty, 44, from Bowie, Maryland, who died on March 30, 2020 in Erbil, Iraq, of a non-combat related incident.

30 March 2020

Healthy and Cooped Up

As such things go these days, that’s not a bad combination. I’m one of about three people going into my office for a few hours one day a week, to manage one part of our “essential” business that requires physical presence. I’m trying to keep the grocery runs to once every two weeks if I can manage it. Just about the time the weather gets nice enough that Marcia could consider going fishing, at least, the stay home order drops. A pretty good thing, frankly, but it’s hard for her, I know.

The extended family is, to the best of our knowledge, also healthy and cooped up. That’s a happiness, too.

Be safe as reasonable, my friends. Lexi will keep guard…

Lexi on guard duty

22 March 2020

#WFH

First, we’re healthy at this time.

Yup. Most folks I know hereabouts are working from home (WFH). Me, too, but for one day a week when I’m the only one in my department to go into the office for required onsite work requiring physical interaction – tape backups rotating offsite.

I actually put in about 4 hours this weekend, too, on regularly scheduled patching activities that I would have done from home on a Sunday, anyway.

Saturday was yardwork, roasting coffee, and some other chores.

By next weekend, it’ll be time to make a brief run to the store for groceries, etc.

Give yourselves space, time, and forgiveness. Do the best you can to protect yourselves and those around you.

15 March 2020

Ides of March

Happy Birthday, Alex!

What’s new?

The good news is that we already practice social distancing a lot. Hope y’all can manage that, too! Wash your hands a lot, keep the people around you healthy by keeping yourself as isolated as is reasonable and possible.

We’re both healthy at this time, and we’ll do our best to keep it that way!

I did get the shopping done today, which took a while, since there were lines. I also roasted coffee.

Lexi

Relaxing:

Lexi the mutt relaxing on her back, on the sofa.
Lexi relaxing…

Winding Down

Our condolences to the families and friends of these fallen warriors:

  • Gunnery Sgt. Diego D. Pongo, 34, of Simi Valley, California died on March 8, 2020 while supporting Iraqi Security Forces in north central Iraq.
  • Capt. Moises A. Navas, 34, of Germantown, Maryland died on March 8, 2020 while supporting Iraqi Security Forces in north central Iraq.
  • Army Spc. Juan Miguel Mendez Covarrubias, 27, of Hanford, California died March 11, 2020, when his unit was engaged by enemy indirect fire at Camp Taji, Iraq.
  • Air Force Staff Sgt. Marshal D. Roberts, 28, of Owasso, Oklahoma, when his unit was engaged by enemy indirect fire at Camp Taji, Iraq.