Skip to main content

#Grub - How to boot a linux kernel from a Grub console?

2 min read

After upgrading my personal servers to Debian Stretch, one of them would not reboot.
I had to use KVM over IP (via iLO) to figure there was an issue with the bootloader configuration.

I've successively encountered the following error messages:

no loaded kernel
file not found

After rebooting the server in rescue mode, I recovered the configuration file generated by Grub and I run the following commands in Grub console :

grub > insmod gzio
grub > insmod part_msdos
grub > insmod ext2
grub > set root='hd0,msdos1'
grub > search --no-floppy --fs-uuid --set=root BXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
grub > linux /vmlinuz-4.9.0-3-amd64 root=UUID=RXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX ro quiet
grub > initrd /initrd.img-4.9.0-3-amd64
grub > boot

The first UUID (BXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) matches with a boot partition (hd0,msdos1) of a disk drive and the second UUID (RXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) matches with a root partition of a disk drive.

 

After gaining access to a remote shell over ssh again, I've fixed Grub installation by running the following command:  

sudo grub-install /dev/sda

Eventually, I've ensured everything was OK by using greb-emu before rebooting again

sudo apt install grub-emu
grub-emu
grub-install --version # returns "grub-install (GRUB) 2.02~beta3-5"





#Shell - How to check the TLS certificate expiration date of a remote host?

1 min read

Inspired by articles read from ShellHacks, Mattias Geniar's blog and the answer to a question posted on stackoverflow, I've added a function and an alias to my shell start-up script to check the TLS certificate expiration date of a remote host

#PGP - How to leverage to encrypt, sign and decrypt messages?

1 min read

Install the GNU Privacy Guard implementation of the OpenPGP standard.

Install and configure a messaging client like Thunderbird 
for use with a plugin supporting OpenPGP.

Enigmail can be installed as a plugin for Thunderbird allowing to encrypt, sign and decrypt emails.

Sending emails which have been signed or encrypted will require 

  • the generation of a PGP key pair (a public key and a private key)
  • the exchange of public keys with recipients of messages
    (for example by organizing a physical meeting) 

Other initiatives allowing to encrypt, sign and decrypt messages from a browser :

Riseup has published a pretty list of OpenPGP best practices

I recommend watching the following discussion between Oxblood Ruffin (http://cis-india.org), Frank Rieger (http://ccc.de/), Gabriella Coleman (http://www.mcgill.ca/) and Stefania Milan (http://mediastudies.nl) about the history and practice of hacktivism :

https://re-publica.de/session/hacktivism-or-fifty-shades-grey-hat

I've just shared a solution for migrating Piwik from 1.12 to 2.15.0:

http://stackoverflow.com/q/33549936/282073

Hint: Always read the documentation ...
See also http://piwik.org/faq/how-to-install/faq_18271/ ^_^

P.S. Piwik is an open-source analytics platform,
which can be downloaded from https://piwik.org

#Testing - About (not) using an alternative database for your functional tests

1 min read

Using an SQLite database for testing might come in handy.

Why should we use a database increasing the footprint of a test suite when executing very few queries? 

Even few queries are not prepared the same way depending on the database engine and as a result there is no guarantee of having the same records set returned by SQLite and another database used in production. 

For instance, I've encountered the following issues before:

 

#Lumen - Your database timezone set to "+00:00" by default with Lumen

1 min read

When running a command-line with artisan, I had time-dependent queries which never returned the affected rows I was expecting. I had this command precisely running at 00:01 every morning. 

By scheduling the task three hours later or by launching it manually in the morning, I was provided with the correct results. That's how I figured something was off with regards to the application timezone.

At first, I set the environment variable APP_TIMEZONE value to Europe/Paris in .env according to my context of execution. Unfortunately, it was not the solution to my problem.

Since we're dealing with open source code, why not exploring the vendors?

grep -rn timezone ./vendor

resulting in this specific match (among many others)

./vendor/illuminate/database/Connectors/MySqlConnector.php:43:        if (isset($config['timezone'])) { 

The following keywords submitted to DuckDuckGo led me to the right solution :

https://github.com/laravel/lumen-framework/issues/50
https://github.com/laravel/lumen/pull/32/files

The following setting was missing from my application .env file 

DB_TIMEZONE=+02:00

#2FA - How to make a backup of secrets stored in Google Authentication app (Android)?

1 min read

  1. Enable USB debugging in the phone developer options
  2. Pull the SQLite database using adb  
    adb pull /data/data/com.google.android.apps.authenticator2/databases
  3. Extract the database records using an SQLite client 
    sqlite3 database 
    .dump accounts
  4. Save the output in a reasonably safe place (for instance store it in a lastpass secure note)


See also http://dpron.com/3-ways-to-move-google-authenticator/

#MySQL - How to prevent a MySQL database from writing binary l ogs?

1 min read

To decommission an old server running a replicated MySQL database,
I had to prevent the (master) database from writing binary logs.

I figured I would need to

How to tab between buttons on a OS X dialog box?
Don't use tab key but command key combos instead.

CMD + first letter of button label

http://superuser.com/a/547501/29518
http://superuser.com/a/176003/29518