Cleaning Up CrowdStrike Linux Files

Sometimes on Linux hosts, CrowdStrike has a bit of a weird issue with filling up /opt/CrowdStrike with old versions. The fix they gave us was… a bit special, so I came up with my own.

sudo find /opt/CrowdStrike -type f -name "KernelModuleArchive*" -not -wholename "$(readlink -f /opt/CrowdStrike/KernelModuleArchive)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcond*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcond)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falconctl*" -not -wholename "$(readlink -f /opt/CrowdStrike/falconctl)" -exec rm "{}" \;
sudo find /opt/CrowdStrike -type f -name "falcon-sensor*" -not -wholename "$(readlink -f /opt/CrowdStrike/falcon-sensor)" -exec rm "{}" \;

For each of the different file types it makes, there’s a “versioned” file, such as falcon-sensor7303, which is symlinked as /opt/CrowdStrike/falcon-sensor. When the “real” files update to new versions, they don’t clean themselves up. The four lines above look for the “bad” files and filter out the existing “current” file, using readlink to identify the canonical destination of the symlink.
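A guarded form of the same cleanup, added here as an example and not the post's or CrowdStrike's own code: if the symlink is missing, readlink -f still prints the path it was given, so the exclusion matches nothing and the one-liners above would delete the current version too. The function name prune_stale and its --delete flag are assumptions of this example; without --delete it only lists what it would remove.

```shell
#!/bin/sh
# prune_stale DIR NAME [--delete]   (hypothetical helper, not a CrowdStrike tool)
# Lists (or, with --delete, removes) regular files under DIR named NAME*,
# except the one that the symlink DIR/NAME currently points to.
prune_stale() {
    dir=$1
    name=$2
    mode=${3:-}

    # Canonicalise the directory so find's output is comparable with
    # the canonical path readlink -f returns for the symlink target.
    root=$(readlink -f "$dir") || return 1
    link="$root/$name"

    # Refuse to act unless NAME is a symlink that resolves to a regular file.
    # Without this, a missing or dangling link means nothing is excluded.
    if [ ! -L "$link" ] || [ ! -f "$link" ]; then
        echo "skip $name: $link is not a symlink to a regular file" >&2
        return 1
    fi
    current=$(readlink -f "$link") || return 1

    # The current version must live inside DIR, otherwise the exclusion
    # below could never match and every NAME* file would be treated as stale.
    case $current in
        "$root"/*) ;;
        *) echo "skip $name: target $current is outside $root" >&2
           return 1 ;;
    esac

    # -path is the POSIX spelling of GNU find's -wholename. It is a glob
    # match, so this assumes the path has no *, ? or [ characters in it.
    if [ "$mode" = "--delete" ]; then
        find "$root" -type f -name "$name*" ! -path "$current" -exec rm -f -- {} +
    else
        find "$root" -type f -name "$name*" ! -path "$current" -print
    fi
}

# Usage (as root), dry run first:
# for n in KernelModuleArchive falcond falconctl falcon-sensor; do
#     prune_stale /opt/CrowdStrike "$n"        # add --delete once the list looks right
# done
```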


Ninebot Kickscooter MAX Beeping

Turns out, reading the manual in full is handy. If you’re wondering why your Segway Ninebot Kickscooter MAX is beeping constantly, it’s because you have to activate it.

Open the app, connect via Bluetooth and then click the little gear icon. Click “Activate” and then hit yes. It should make one more long beep and shut up after that.

They also limit the speed on the device until you’ve activated it, which makes sense, I guess?


Controlling my hot water

Yesterday I had a solar system and storage battery installed into my house. As part of that, inspired by Jon Oxer’s great SuperHouse series, I had the electrician install some high current relays for me to control the hot water system.

My plan has two intended control options:

  • with an automated timer.
  • directly with my own code and controller.

The Timer

K3 is a Finder “Digital Astro Time Switch” with NFC connection support (12.81.8.230.0000).


Office Air Conditioning

Living in Queensland, it’s terribly hot and humid in the summer time. My office faces east, but it being hot hasn’t really been much of an issue in the past, working from an office on weekdays and cranking up the ceiling fan if I happened to be at home on a summer weekend.

Owing to the awesomeness of my new job however, I’ll be working from home more regularly, and remote work means video conferences sometimes. This means wearing (at least) a shirt 😀 It’s time for air conditioning to save everyone from the effects of summer heat.


Blocking DoH With BIND RPZs

Xavier Mertens’ new post on the ISC Blog about blocking DNS over HTTPS with BIND RPZ was posted today, and it provides some really useful and actionable information on how to do it. BIND RPZs are a very useful tool for whole-of-network security actions.

And before you reach for your angry typing keyboard, yes - DoH is a great idea - until you want to be able to take the skills and tools of your corporate security team to secure them and respond to threats and incidents. :)


Retroactively Setting a Whole S3 Bucket to Public

I uploaded a bunch of files to an S3 bucket, then needed to update the permissions.

aws s3 ls --profile <profile> --recursive s3://<bucket>  | awk '{print $NF}' \
| xargs -I{} -n1 aws s3api put-object-acl --profile <profile> --acl public-read --bucket <bucket> --key {}

There are two replacements you need to make in the above code:

  • bucket - the name of the bucket
  • profile - the profile configured in ~/.aws/credentials

There’s a better explanation in the AWS support documentation.


ESP32 MicroPython and the Memory Address

I was writing MicroPython to a new ESP32 board I got, and it was acting weird… looping the following over and over:

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
flash read err, 1000
ets_main.c 371
ets Jun  8 2016 00:22:57

Turns out, if I’d read the documentation instead of just doing the same thing I’d been doing on the ESP8266s, I’d have known I need to write it starting at 0x1000 instead of 0x0000.
