F5 iRule Class Match Crash

Problem: F5 iRules with “class match” crash sometimes with this message:

/Common/UA_DETECT - ambiguous option "-": must be -all, -index, -element, -name, or -value while executing "class match [string tolower [HTTP::header User-Agent]] contains UA_STRINGS"

Discussion: the class match command takes optional parameters. When the User-Agent HTTP header starts with a "-", the Tcl interpreter treats the header value as one of those options instead of as the item to match. This is dangerous, because it's actually a kind of code injection, with a possibly terrible impact.

Solution: add "--" as the first parameter to the class match command:

class match -- [string tolower [HTTP::header User-Agent]] contains UA_STRINGS

Version: F5 LTM 12.1.2
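
A check for other iRules with the same problem, as an added example (not part of the original post and not F5 code): it flags class match calls whose item is a substitution ([...] or $var) with no "--" in front of it. The sample iRule is constructed, and the script assumes that the options listed in the error message take no argument of their own.

```python
import re

# Options "class match" accepts, as listed in the error message quoted above.
KNOWN_OPTIONS = {"-all", "-index", "-element", "-name", "-value"}
CLASS_MATCH = re.compile(r"\bclass\s+match\b")

# Constructed sample iRule (not taken from a real device).
SAMPLE_IRULE = '''\
when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::header User-Agent]] contains UA_STRINGS] } {
        drop
    }
    if { [class match -- [HTTP::uri] starts_with URI_LIST] } { pool p1 }
    if { [class match -value $host equals HOST_MAP] ne "" } { pool p2 }
    if { [class match "static" equals FIXED] } { pool p3 }
}
'''


def find_unguarded_class_match(irule_text):
    """Return (line_number, line) for every "class match" call whose item is
    dynamic ([...] or $var) and is not preceded by the "--" option terminator."""
    findings = []
    for lineno, line in enumerate(irule_text.splitlines(), start=1):
        # Everything after each "class match" on the line, up to the next call.
        for rest in CLASS_MATCH.split(line)[1:]:
            tokens = rest.split()
            # Skip the options the command itself defines.
            while tokens and tokens[0] in KNOWN_OPTIONS:
                tokens.pop(0)
            if not tokens or tokens[0] == "--":
                continue  # option parsing is explicitly terminated
            # A leading [ or $ (optionally inside double quotes) is substituted
            # at run time, so a value starting with "-" is parsed as an option.
            if tokens[0].lstrip('"')[:1] in ("[", "$"):
                findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, text in find_unguarded_class_match(SAMPLE_IRULE):
        print(f"line {lineno}: add '--' before the item: {text}")
```
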

No Text Console After NVME Storage Upgrade

Problem: After upgrading a system to NVME, Linux boots without a text console, or sends the text console to the wrong graphics card.

Discussion: The NVME upgrade needed to change from BIOS boot to UEFI boot. UEFI boot disables the pure text console, and the kernel uses whatever frame buffer is available, or runs without a text console if no frame buffer is available. That means the kernel config item "CONFIG_VGA_CONSOLE" no longer works under UEFI, at least on my hardware.

Solution: I activated a framebuffer console driver with this kernel config item: CONFIG_FB_EFI

Versions: Debian9, Linux 4.9, ASUS Z170-A, Nvidia GPU

Juniper MX204 Upgrade

    1. Check the current version:

      > show version
      Hostname: Router
      Model: mx204
      Junos: 18.2R1.9
      JUNOS OS Kernel 64-bit [20180614.6c3f819_builder_stable_11]

    2. Go to https://support.juniper.net/support/downloads/, select MX204, and search for a newer version.
    3. Select "Install Package" -> "VMHOST 64-BIT" -> "tgz".
    4. After login you will see a URL. Copy this URL.
    5. Download the file onto your Juniper MX204 with this command:

      > file copy "URL YOU COPIED" /var/tmp/image-name.tgz

    6. You may validate the image with:

      > request system software validate /var/tmp/image-name.tgz

    7. Install the software:

      > request vmhost software add /var/tmp/image-name.tgz
      > request vmhost reboot

Source: https://www.juniper.net/documentation/en_US/junos/topics/concept/installation_upgrade.html

New Vim 8 on Debian 9 Stretch has buggy Mouse/Paste/Syntax handling

The new Vim 8 on Debian tries again to appeal to the 95% of the people (the noobs) and adds features that are annoying to professionals. When these new features are buggy it's even worse.

Problem: Vim 8 on Debian 9 has some annoying default settings:

  1. Paste uses a Vim-internal clipboard instead of the system clipboard (when not using shift). This is totally stupid, because if you copy something from the browser to the editor you get something else. It might even be something you copied hours ago from a different file, logged in from a different client.
  2. The cursor jumps to the mouse cursor when clicking into Vim. This sounds correct for non-professional geeks, but it's actually annoying because I use "hjkl" to move the cursor and use the mouse to copy/paste, and I hate it when I lose the cursor position when selecting text for copy/paste.
  3. Syntax highlighting is so ugly and hard to read. Noobs may like this but again for professional geeks that’s annoying.

Changing this system wide should be easy by adding these two lines to /etc/vim/vimrc. But this fails.

syntax off
set mouse=

Settings in /etc/vim/vimrc are ignored because they are overruled by "/usr/share/vim/vim80/defaults.vim".

Workaround: until Debian fixes this bug, you have two ways to change this.

Add the lines from above to “/usr/share/vim/vim80/defaults.vim” directly.

Remember that this change might be overwritten when vim is updated.

When you don’t like the autoindent feature you can also add this line:

filetype plugin indent off

If you want to be safe from system updates, you can ignore defaults.vim altogether by adding "/etc/vim/vimrc.local" to your system with this content:

let g:skip_defaults_vim = 1
set mouse=

Web Audio Silence

Problem: I had problems with an audio driver (no, not on Linux). The sound started with a delay after every gap of silence. This bug cuts off about 1/2 of a second of the attack of the sound. This is a problem when you try to make music in particular.

Workaround: I made a little webpage that plays "Total Silence" or "Almost Silent" sound. This keeps the sound driver busy and prevents the driver from shutting down the sound.

–> http://seven.mail.at/silence.html

Juniper MX204 Setup Guide

The Juniper MX204 is a router from Juniper running Juniper's own operating system, Junos.

The MX204 has 4x 40Gb and 8x 10Gb. The 40Gb ports can be split into 4x 10Gb.

After unboxing it has no configuration. Connect a standard RS232 console cable with a Cisco style RJ45 connector, set your terminal to 9600 8N1 and power it up.

The Junos console welcomes you with a standard FreeBSD login.

Log in with "root" and no password.

Start the Junos CLI with "cli":

root@:# cli
root>

This is the standard mode that you will reach later when configuring such a device over a network connection (Telnet/SSH).

Like Cisco, Junos has two modes, "standard" mode and "configure" mode:

root> configure
[edit]
root#

Unlike on Cisco, configuration changes on Junos are not active immediately. You can configure different things in config mode, and when you have finished, type "commit" to activate the changes or "exit" to discard your changes.

Here are some settings for the first setup:

# change root password
set system root-authentication plain-text-password
# add another user
set system login user USERNAME authentication plain-text-password
set system login user USERNAME class super-user
# set host name
set system host-name HOSTNAME
# set the management IP for the "mgmt" port
set interfaces fxp0 unit 0 family inet address ADDRESS/PREFIX_LENGTH
# On Junos 18.2 the default setting for fxp0 is dhcp, deactivate dhcp
delete interfaces fxp0 unit 0 family inet dhcp
# Starting in Junos OS 17.3R1 you can separate the mgmt interface from the default routing table
set system management-instance
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop MGMT_LAN_ROUTER
# activate ssh (and/or telnet; telnet sends logins in cleartext)
set system services telnet
set system services ssh
# Junos 18.2 has auto software upgrade, deactivate it
delete chassis auto-image-upgrade
# activate and save all changes
commit

You can list your current configuration with "show" inside and "show configuration" outside of configuration mode.

Starting with 18R1 Juniper MX204 can mix 10G and 1G ports on the 8 SFP+ Ports.

You have to set the pic to per-port mode with:

set chassis fpc 0 pic 1 port 0 speed 10g
set chassis fpc 0 pic 1 port 1 speed 10g
set chassis fpc 0 pic 1 port 2 speed 10g
set chassis fpc 0 pic 1 port 3 speed 10g
set chassis fpc 0 pic 1 port 4 speed 10g
set chassis fpc 0 pic 1 port 5 speed 10g
set chassis fpc 0 pic 1 port 6 speed 10g
set chassis fpc 0 pic 1 port 7 speed 10g

# and
set interfaces xe-0/1/7 gigether-options speed 1g
# or
set interfaces xe-0/1/7 gigether-options speed 10g

If you would like to back up the config to a server, you can copy the config using ssh:

file copy /config/juniper.conf.gz configs@80.245.199.199:router.conf.gz

ToBeContinued

Javascript Bugs ?

Javascript is a fun programming language; its non-blocking, event-driven paradigm is really interesting for many cases.

On the other hand, there are strange things that really make me nervous when using this language:

: parseInt doing strange things:

# nodejs
> parseInt(0.000007, 10);
0
> parseInt(0.0000007, 10);
7

: numbers in JavaScript are always floats, with all their weaknesses

> 0.1+0.2
0.30000000000000004
> 10000000000000000-1
10000000000000000

ToBeContinued

Version: nodejs-6

Boot ISO from USB Stick

Many Linux distribution builders like Devuan and Debian produce hybrid ISO images that work on discs and USB sticks. You can make bootable USB sticks by simply copying the image to the USB device with this command:

dd if=isoimage of=/dev/sdX bs=10240

You can find the device name (X) by looking into dmesg or lsscsi, and looking for newly plugged scsi/block devices.

But some companies still don't know about hybrid images and provide ISO images that need to be on disc (like the Samsung SSD updater).

Workaround: You can use SysLinux to make a USB stick that can boot an ISO image.

Install SysLinux using standard procedures, in my case: aptitude install syslinux (currently 3:6.03-dfsg-5-deb8u1)

Do the following steps:

  1. (optional) wipe the USB stick:  dd if=/dev/zero of=/dev/sdX
  2. make a bootable vfat partition: eg with fdisk /dev/sdX  (“n”), set the partition type to VFAT (“t” “c”) and make it active (“a”)
  3. format the partition to vfat: mkfs.vfat /dev/sdX1
  4. install SysLinux on it: syslinux /dev/sdX1
  5. mount the newly created partition: mount /dev/sdX1 /mnt/usb
  6. copy the memdisk feature to syslinux: cp /usr/lib/syslinux/memdisk /mnt/usb/
  7. make a syslinux.cfg file on the USB stick: vi /mnt/usb/syslinux.cfg
    LABEL iso
        LINUX memdisk
        INITRD image.iso
        APPEND iso
    
  8. copy the iso image to the USB stick: cp isoimage.iso /mnt/usb/image.iso
  9. unmount the USB stick: umount /mnt/usb

You can even put different ISO images to one stick by copying multiple ISO images and making multiple entries in syslinux.cfg.

Source IP Address Based on User

If you want to use different source IP addresses based on the logged in user or running service on a Linux computer you can use these simple commands:

/sbin/ifconfig eth0:1 NEW-IP-ADDRESS netmask YOUR-NORMAL-NETMASK
/sbin/iptables -t nat -A POSTROUTING -m owner --uid-owner USERNAME -j SNAT --to-source NEW-IP-ADDRESS

You can use this if the source IP is necessary for remote firewall filter lists, or to separate IP traffic from services that don't let you configure the outgoing source IP.

Add these lines to /etc/rc.local to make it permanent.

Version: Should work on every Linux kernel of the last 10 years, tested on Linux 4.11.1