How to Install Multiple Linux Distributions on One USB

As someone who has tinkered with multiple distributions, this will be a great way to try out multiples

This tutorial shows you how to install multiple Linux distributions on one USB. This way, you can enjoy more than one live Linux distros on a single USB key.

Source: How to Install Multiple Linux Distributions on One USB

App That Paid Users to Exercise Owes Nearly $1 Million for Not Paying Users to Exercise

In the capitalistic nightmare we live in, everything has to be a transaction. So, when Pact launched its fitness app that let you make money for working out—or else pay a fee for failing to do so—it seemed to be the perfect motivational tool. There was just one problem: The company apparently wasn’t that great at paying up, and was it too good at collecting fees.

Hah, I remember this app. I actually did try it for a while but failed to see its appeal, or how it could make me continue to exercise. People would only be interested in this if they were really seriously wanting to meet a goal. People demotivated enough, would just cancel the pact/goal and continue on.

Source: App That Paid Users to Exercise Owes Nearly $1 Million for Not Paying Users to Exercise

CCleaner malware outbreak is much worse than it first appeared | Ars Technica

The malware backdoor in this story is quite intriguing. They are targeting specific companies (Samsung, Akamai, Cisco, Microsoft amongst them) and only attempting the second level attack if they are detecting they are being installed there.

The advice mentioned in the article is that anyone who installed the software on their system should REFORMAT THEIR DRIVE. Quite an extreme recommendation. My suggestion – stop using Windows.

Source: CCleaner malware outbreak is much worse than it first appeared | Ars Technica

Google/HTC deal is official, Google to acquire part of HTC’s smartphone team | Ars Technica

So Google has officially hooked up with HTC. How do I feel about this? Rather ambivalent, actually. On one side Google is already using their phones (Pixel), but HTC did roll over to Apple a long time ago without standing up to their bullying tactics – something that made me ditch HTC in favour of Samsung (and, tbh, I’m glad I did). However, this link up means Google gets a dedicated team to work on their phones. Whether this means they’ll become a decent competitor to the other devices, remains to be seen.

Source: Google/HTC deal is official, Google to acquire part of HTC’s smartphone team | Ars Technica

Linus Torvalds Invites Attackers to Join the Ke… » Linux Magazine

Torvalds is not a huge fan of the ‘security community’ as he doesn’t see it as black and white. He maintains that bugs are part of the software development process and they cannot be avoided, no matter how hard you try. “constant absolute security does not exist, even if we do a perfect job,” said Torvalds in a conversation with Jim Zemlin, the executive director of the Linux Foundation.

“As a technical person, I’m always very impressed by some of the people who are attacking our code,” Torvalds said. “I get the feeling that these smart people are doing really bad things that I wish they were on our side because they are so smart and they could help us.”

Source: Linus Torvalds Invites Attackers to Join the Ke… » Linux Magazine

Apache bug leaks contents of server memory for all to see—Patch now | Ars Technica

Another vulnerability hits the news. Whilst similar to heartbleed in leaking memory contents, it does not seem to be too risky if you’re running it as a single user, and the memory leak isn’t huge quantities.

Saying that, this vulnerability also may also affect cloud systems. For example, on AWS, (which has httpd), doing a version check:

$ httpd -v
Server version: Apache/2.4.27 (Amazon)
Server built: Aug 2 2017 18:02:45

However, without knowing how Amazon have setup Apache behind the scenes, are we able to say definitely that we are/aren’t affected?

Source: Apache bug leaks contents of server memory for all to see—Patch now | Ars Technica

[SCRIBBLE] Tinkering with Kubernetes and AWS [WIP]

This is a scribble post — a WIP/incomplete post, so read with the understanding that it will have holes in the knowledge or gaps.


This article just goes through my tinkering with Kubernetes on AWS.

Create a new S3 bucket to store the state of your Kubernetes clusters

aws s3 mb s3://k8sstate --region eu-west-2

Verify

aws s3 ls

Create a Route 53 hosted zone. I’m creating k8stest.blenderfox.uk

aws route53 create-hosted-zone --name k8stest.blenderfox.uk \
--caller-reference $(uuidgen)

dig the nameservers for the hosted zone you created

dig NS k8stest.blenderfox.uk

If your internet connection already has DNS setup to the hosted zone, you’ll see the nameservers in the output:

;; QUESTION SECTION:
;k8stest.blenderfox.uk.     IN  NS

;; ANSWER SECTION:
k8stest.blenderfox.uk. 172800 IN NS ns-1353.awsdns-41.org.
k8stest.blenderfox.uk. 172800 IN NS ns-1816.awsdns-35.co.uk.
k8stest.blenderfox.uk. 172800 IN NS ns-404.awsdns-50.com.
k8stest.blenderfox.uk. 172800 IN NS ns-644.awsdns-16.net.

If your connection isn’t set up to resolve to the aws DNS (like mine), you’ll get this instead:

;; QUESTION SECTION:
;k8stest.blenderfox.uk. IN NS

;; AUTHORITY SECTION:
uk. 603 IN SOA dns1.nic.uk. hostmaster.nic.uk. 1403374706 7200 900 2419200 603

This means you need to do a bit of DNS hacking to get this to work. The quick and dirty method is to add one of the aws DNS hosts to your /etc/resolv.conf file.

dig using one of the aws DNS servers and see if that resolves properly

dig @ns-1816.awsdns-35.co.uk NS k8stest.blenderfox.uk

If it does, then look for this line near the end:

SERVER: 205.251.199.24#53(205.251.199.24)

Add this into /etc/resolv.conf (make sure you’re root/sudo’ed up)

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 205.251.199.24
nameserver 127.0.1.1

Now try to dig the nameservers and confirm it now returns the nameservers correctly

dig NS k8stest.blenderfox.uk

If that works, we can now continue

First, export your AWS credentials as environment variables (I’ve found Kubernetes doesn’t reliably pick up the credentials from the aws cli especially if you have multiple profiles

export AWS_ACCESS_KEY_ID='your key here'
export AWS_SECRET_ACCESS_KEY='your secret access key here'

You can also add it to a bash script and source it.

Create the cluster using kops. Note that the master zones must have an odd count (1, 3, etc.) since eu-west-2 only has two zones (a and b), I have to have only one zone here

kops create cluster --cloud aws --name cluster.k8stest.blenderfox.uk \
--state s3://k8sstate --node-count 3 --zones eu-west-2a,eu-west-2b \
--node-size m4.large --master-size m4.large \
--master-zones eu-west-2a \
--ssh-public-key ~/.ssh/id_rsa.pub \
--master-volume-size 50 \
--node-volume-size 50

You can also add the --kubernetes-version switch to specifically pick a Kubernetes version to include in the cluster. Recognised versions are shown at

https://github.com/kubernetes/kops/blob/master/channels/stable

TL;DL: Bands are:

  • >=1.4.0 and <1.5.0
  • >=1.5.0 and <1.6.0
  • >=1.6.0 and <1.7.0
  • >=1.7.0

Each with their own Debian image.

If you get this message:

error doing DNS lookup for NS records for "k8stest.blenderfox.uk": lookup k8stest.blenderfox.uk on 127.0.1.1:53: no such host

It means you haven’t done the resolv.conf hack

Assuming the create completed successfully, update the cluster so it pushes the update out to your cloud

kops update cluster cluster.k8stest.blenderfox.uk --yes \
--state s3://k8sstate

While the cluster starts up, all the new records will be set up with placeholder IPs. Remove your resolv.conf hack as this can affect your DNS resolution

Selection_004

Now you’re at a stage where the cluster is starting up but the API server is failing. Currently trying to figure that part out.