04 Jan

Ubuntu Trusty Tahr Backports Repository

in case you got broken package, you may need to try changing the content of  /etc/apt/sources.list  with this:

 

14 Oct

Disable Mac OSX Animation

Animation can be annoying, so here’s some list of animation that you can disable.

fire up your iterm2 and choose the animation youl’d like to disable.

source

07 May

prevent dns enumeration on bind dns server

what the hell is dns enumeration? well, according to this pdf book DNS enumeration is

… the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

so, this just little tricks on how to prevent dns enumeration on bind dns server, some dns enumeration tools will look at the zone transfer located on your dns server, and when it was misconfigured, it will leak all dns info to the attacker, like this:

sample of dns enumeration result

sample of dns enumeration result

Q: so, what’s the actual danger of this kind of leakage?

A: The information can disclose the network infrastructure of the company without alerting the IDS/IPS. This is due that most of the organizations are not monitoring their DNS server traffic and those that do they only monitor the zone transfers attempts.

and the trick is simple, most of the enumeration tools look for dns zone transfer record, so instead of allowing it for the rest of server’s uptime, just turn it of until you’re needed to do that.

put this line on your named.conf

and restart the service.

disclaimer: this tips doesnt guarantee your server will 100% immune to enumeration. the incident was reported and already fixed by the sysadmin on 18 april 2016.

23 Feb

[Job Offer] Backend Developer at Qasico

Hello,

Qasico is looking for a Backend Developer.

qasico

here is a brief explanation for Qasico,
QASICO are the first customized Integrated Business Application (IBA) provider in Indonesia. IBA is an integration model that combines business model operations and processes with technology to achieve efficiency, manageable, expandable and sustainable company or businesses. QASICO understand business challenges in every business stages, once the company fail to cope with that it’ll be a hard way to restart it again. That’s why QASICO with IBA modular system will assure company’s growth for successes.

QASICO origin name yield from Padang language (West Sumatra province of Indonesia), means “come here”. We are welcoming all business leaders and entrepreneurs to allocate the time to think about the business future without worrying how to get there. When challenges of business process enabler using technology as solution, QASICO is the answer

are you interested? find more info here.

14 Feb

golang oEmbed package

oembed

oEmbed

hello Everyone, I just want to share a small Golang oEmbed package for parsing Oembed data, there was a paid service like embed.ly or iframely.com. but in case you’re have a growing startup that doesn’t have big pile of money to pay some SaaS, maybe deploying your own service can be a good solution.

this module is written in golang, called oembed, and I also write a demo on how to use this module as a part of http service called gallang, the working demo are live here.

I’m bit suck at introducing something, so that was all.  X_X

27 Jan

[Scrapy] ‘scrapyd.webservice’ doesn’t define any object named ‘DaemonStatus’

I was using scrapy v1.0.3 and scrapyd v1.1.0 when I got "Module 'scrapyd.webservice' doesn't define any object named 'DaemonStatus'"  error as I throw deploy command through my scrapyd-client .

let me at 'em

let me at ’em

I doesnt know exactly why scrapinghub team doesnt release a new package to pypi, the documentation of scrapyd allready showing the latest docs describing about DaemonStatus.json  endpoint, but the latest package on cheese-shop still doestn provide this function.

In case you’re hurry and need this to be fixed asap, just pull the code from their github repo, I’m using this version [c7b98c].
extract, and install it. restart your scrapyd and everything just fine except you still cannot access the daemonstatus.json  endpoint.

naah not bad, at least I still can manage to deploy my latest spider to the production server.

hints:

if you are working with virtualenv, make sure you activate the virtualenv before firing these command

after that, resume your delayed task.

21 Jan

[ rabbitmq ] shit i forgot my admin password

with current hype on microservice, sometimes you will tighly coupled with message-oriented middleware like RabbitMQ [features], and as a part of security you will need an account to access them, yeah that username and password things.

but what happen if your sysadmin has shortcomings in terms of recall and suddenly yelling “Shit, I forgot my admin password” when you ask him to add new rabbitmq account for some software-development-related stuff?

its-rabbids-not-rabbitmq

aaaaaaaaaaaa

just calm him down and tell him to do this:

to add new user identified by  sup3rc00lpwd , and followed by this

to assign newly create user as an administrator . and then tell him to clean up his shit.

dont forget to tell him to sip his nearly-freeze coffee.


 

ps: in this post, I was the sysadmin.

ps2: this post contain heavy use of badwords and sarcasm.

10 Dec

Selenium Grid with PhantomJS

PhantomJS

PhantomJS Logo

Today I was installing a new box to be used as automatication server, for the hub I’m using selenium grid with PhantomJS as some of the webdriver that plugged in.

I’m using PhantomJS v2.0, downloaded it’s source from official site (http://phantomjs.org/), and compiling it in 4 core debian jessie VM.

the compilation work nicely, just follow along the build documentation (http://phantomjs.org/build.html) until I had an issue when running this command:

the output says:

googling for a while, and the problem was in the GhostDriver, so in case you had this issue, here is a quick solution:

edit src/ghostdriver/hub_register.js , comment or delete this following code:

recompile, and the problem is gone.

Here is the output after firing the same command:

30 Jun

[php] Lumen Framework Additional Configuration File

lumen framework logo

Today I was interested in Lumen Framework, another product from Taylor Otwell under the Laravel flag. at my first though, oh look another laravel with less batery included by default.

started to construct new project, and yeah, I need an additional configuration file and I would like to add it somewhere separated from the famous ‘.env’ file.

after lurking around the Lumen’s docs, I found this:

whoa whoa, where this config come from? nah, found it under the this file pointing to Container’s instance. and the I found this function that can be called from the $app->configure() . This magic give you an ability to add additional configuration file using php format that placed in the config folder within your project root.

 

so, without wasting more time, I create the config folder, put my site.php file with following value:

and add this line to app.php

this method fill register your additional configuration file which is placed in config/{name}.php and you can access it later with config("{name}.{key}") . please make sure you change the {name} with correct file.

 

Fin.