Saturday, December 05, 2020

odroid hc4 and zfs

The HC4 odroid images (official focal and meveric's armbian-buster, and I think toogood's images too) don't have zfs in the kernel (I think because zfs isn't in the mainline kernel either?).

Installing zfs-dkms fails because there's some incompatibility between zfs-dkms 0.7.12 in focal and buster.

I had a play with git clone and building openzfs master.  That correctly built the kernel module and importing the pool and running zpool and zfs-test all succeeded.

Meveric, however, has pointed me at:

apt install -t buster-backports zfs-dkms

Because

"I checked however on the ZFS DKMS module from Debian Buster and found the version that is in the default repository (version 0.7.12 of spl-dkms and zfs-dkms) are not compatible with Kernel 4.9 that we're using.
Luckily for you in buster-backports there's version 0.8.5 available and THAT is compatible with Kernel 4.9."

 Many thanks to Meveric for the assist.  While I could have continued with what I'd built from source, it's better to use the backported spl-dkms so that I can get future updates/fixes.

https://forum.odroid.com/viewtopic.php?p=313882#p313882

Friday, November 13, 2020

Setting up devstack on my bionic-base Virtualbox

[WIP]

 These are just personal notes, probably not relevant to *you*.

I have an Ubuntu Bionic base VirtualBox instance that I clone to build other bionic instances.

Right now, I'm trying to get devstack running in a clone of that base.  That failed with an error around not being able to do something with python simplejson.  My current attempt to fix this is to purge the python3-simplejson package, unstack.sh and then run stack.sh again.

Tuesday, July 07, 2020

Removing hacking attempts from web logs

I needed to extract valid http request URLs from a client's web access logs (IIS).  It wasn't sufficient to whitelist known good URLs since there were many URLs that attempted directory traversal or executing php scripts from legal looking URLs. 

A simple solution came to mind after some percolating.  I'd extracted timestamps, paths, HTTP method, remote IP address (client) and a few other things.  I didn't need to have perfect logs (didn't need to correctly identify every single log entry).  Having a few false positives and a few false negatives was fine.

Identifying IP addresses used by invalid requests (in my data set, anything with .. or php in it was invalid, the first being a sign of someone attempting directory traversal attacks and the second being a sign of someone probing for vulnerabilities in many php applications) and deleting every request from those addresses with

delete from [table] where ip in (select ip from [table] where url like '%..%' or url like '%php%')
worked very well.
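
The IP-based filter above, run end to end over a few constructed IIS W3C log lines, as an added example rather than the code used for the original job. The table name `requests`, the column layout and the sample addresses (documentation ranges) are assumptions.

```python
import sqlite3

# Constructed sample in IIS W3C extended format (not real log data).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2020-07-01 10:00:01 GET /index.html 192.0.2.10 200
2020-07-01 10:00:05 GET /products/list.aspx 192.0.2.10 200
2020-07-01 10:01:12 GET /images/../../web.config 198.51.100.7 404
2020-07-01 10:01:13 GET /index.html 198.51.100.7 200
2020-07-01 10:02:30 GET /wp-login.php 203.0.113.44 404
2020-07-01 10:02:31 GET /products/list.aspx 203.0.113.44 200
2020-07-01 10:03:00 POST /contact.aspx 192.0.2.25 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):   # skip malformed rows
                yield dict(zip(fields, values))

def filter_requests(text):
    """Load rows into SQLite, drop every row from a flagged IP, return the rest."""
    db = sqlite3.connect(":memory:")
    db.execute("create table requests (ts text, method text, url text, ip text)")
    db.executemany(
        "insert into requests values (?, ?, ?, ?)",
        [(r["date"] + " " + r["time"], r["cs-method"], r["cs-uri-stem"], r["c-ip"])
         for r in parse_w3c(text)],
    )
    flagged = [row[0] for row in db.execute(
        "select distinct ip from requests "
        "where url like '%..%' or url like '%php%' order by ip")]
    # Same shape as the post's statement, with the assumed table name filled in.
    db.execute(
        "delete from requests where ip in "
        "(select ip from requests where url like '%..%' or url like '%php%')")
    kept = db.execute("select ip, url from requests order by ts").fetchall()
    db.close()
    return flagged, kept

if __name__ == "__main__":
    print(filter_requests(SAMPLE_LOG))
```

The ordinary-looking `/index.html` and `/products/list.aspx` requests from the two flagged addresses are removed along with the probes, which is what filtering by IP rather than by URL buys.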

Tuesday, May 12, 2020

Cisco AnyConnect cert errors on Ubuntu

I needed to use Cisco AnyConnect to connect to a client's VPN server.  Whenever I'd start up the AnyConnect GUI though (server hostname already entered in the server textbox), it would complain about the server cert being untrusted.

There are a few online posts about symlinking things from firefox into the correct system lib directories for the correct linux arch. 

I didn't want to do that (because I wasn't clear what else would break), so I ran strace -f on the vpn GUI and looked for interesting open* calls.  It turns out there are open calls to, e.g., "/root/.mozilla/firefox/".  That happens before the open calls on /opt/.cisco/certificates/ca*.

On this box (an lxc instance just for this vpn) I'd never run firefox as root so there was no .mozilla/firefox directory at all.  I started up firefox as root but didn't browse anywhere and after that the VPN no longer warns about the cert being untrusted.

The Cisco anyconnect software is installed from a self-uncompressing shell script, so it's not going to know where the system it's installed on stores its certs, so I guess it just punts and looks in root's firefox (plus a few other places that aren't set correctly for it on Ubuntu) for certs.