Author: Baab

Meetup this evening in the Discord @1830ish. The decision was made to stay virtual-only until Omicron loses some momentum. Don’t want to participate in the spread. Taking advantage of the downtime to refresh the space.

I know a bunch of you are traveling or otherwise engaged with family and holiday activities. Therefore, there will be no in-person meetup on Monday 12/27.

However, I will likely be online, assuming I make it home on time. I have to pick up some auction stuff in Maryland in the afternoon.

I’m very excited about the badge discussion we had last week, and look forward to further discussions with those who have been read in to the project. I’d like to see what thoughts you’ve had since last week.

So I finally put shiny white wallpaper on that long table at which we normally convene, and I thought, since it’s starting to shape up in there and the table is clear, perhaps we should have a minor little holiday gathering of some sort, and maybe our little death cult could recreate the last supper?

In other words, hybrid again Monday, I’ll restock the beer by then. Dress in your holiday finery. Be photogenic unless you’re in the witless protection program. We can discuss food options in the Discord over the weekend.

Show up in person or stay virtual if you must. We’re getting a little better at Hybrid.

Maybe we can talk Kevin into walking us through an RE challenge.

Maybe we’ll talk someone into drinking Malört.

Maybe the asteroid will show up early and obliterate us all.

I’ll be burning wood again during the meeting. If anybody wants to burn a custom holiday ornament, I have extra blanks. Bring a round image. 85mm x 85mm at 300dpi is optimal, but the software is very forgiving.

Actually, no, I take that back. Making that association would give evil a bad name. Parallels hijacks media file associations and routes them to Windows VM!

Installed Parallels on my M1 Macbook Air so that I could have a Kali VM when I needed it.

Eventually installed a Windows VM for reasons.

Then I noticed that Parallels had hijacked some of my media file associations so that when I clicked on MP4 or AVI files, default behavior became “Launch Windows VM and play it using Windows Media Player.” On what planet is this desired or acceptable behavior?

Of course, I undid it. Finder/file/Get Info/Open With/make change/for all. But part of me wants to meet the people that thought that would be a good idea and educate them with a hemlock cocktail. Is this simple pseudo-benevolent scope creep, or is this evil payola? I’d like to believe that the number of people desiring media to play inside a VM is less than 1%. It’s the least efficient way possible to play media. The only thing worse would be if, when you click a media file, someone is dispatched to your door to play it on their phone for you.

This evening we’ll be hybrid. If you just need to get away from your miserable home and have a beer with other adults who know what you’re talking about when you talk nerdy, feel free to come by. We’ll also stream to Discord for those who are too busy and self-important to hang with your friends. 6:30 in the usual place.

If you’re like me and you’ve linked many, many applications to FreeIPA, you probably have a pretty good sense of how to go about it, and in some cases you can use an app’s authentication subsection without even consulting the Great Oracle Of Grand, Legitimate Experience.

At least, this is usually the case with me.

Not so much with Zabbix. The interface was so deceptively simple that it threw me off.

Here’s what I discovered. Some from forums, some from less-than-obvious documentation, and some from twiddling knobs.

1. To even get an LDAP configuration to pass a test and authenticate a user, the bind user needs to be described in a full DN. This isn’t completely out of left field, I’ve seen a few implementations require this, although I prefer just providing a username and password.
2. You also need to add “cn=compat” preceding your base dn in the LDAP configuration page.
3. Here’s where it screwed me. I expected, after passing a test, that if I switched to LDAP authentication it would just work. Not so. There’s a brief mention of it in the docs: “Note that a user must exist in Zabbix as well, however its Zabbix password will not be used.” So here I was trying to authenticate an LDAP user after switching to LDAP authentication, and wondering why it doesn’t work. It’s because this implementation doesn’t sync users.
4. Also the internal Admin user no longer works after you switch to LDAP. I went through a couple rounds of resetting it by MySQL (“update config set authentication_type =0 where configid=1;”) before the light bulb turned on — just uncheck “Case sensitive login” and you can use your LDAP admin user. At that point I created local users to match my LDAP users, and gave them the rights I needed. In the end, it seems like the Zabbix implementation is only using LDAP for authentication. Nothing as fancy as something like Zammad’s LDAP implentation, which maps LDAP groups to roles in the application.
5. One more thing when creating a user, the UI says the password is optional when it’s an external user. This isn’t exactly true. Maybe it won’t be used, but it wouldn’t let me complete the form without a password. So make it a strong one.

Anyhow, I hope this helps someone someday. I found precious little online, and if I had it spelled out for me like this when I was looking, I would have been finished much faster.

Friend of mine ground-scored a laptop that was left in a college locker at the end of the school year. Visible screen glass damage from a violent corner drop, but still powered up and displayed just fine. Cute little unit, a Lenovo Flex 3. The screen flips around 360 to turn it into a tablet.

Anyhow it hadn’t been wiped. Windows 10, one known username, password unknown. A quick Google gave me something to try. Boot Windows 10 USB installer, go to command prompt, copy c:\windows\system32\cmd.exe into c:\windows\system32\sethc.exe (the sticky-keys notifier).

Boot the machine normally, and when it gets to the login, hit left-shift five times. Instead of the sticky-keys notifier, you get a command prompt. All I had to do at that point was change the user’s password:

net user (username) (new password)

I could immediately login as that user. Not much in terms of payload immediately visible. Hardly anything in documents, fewer than 30 photos saved, no custom apps. Oh wait, let’s launch mail (this machine is not connected to the Internet). Bingo, user’s complete historical Gmail up until the machine was last used. Conveniently saved to the laptop for me to rifle through looking for other useful data.

Moral of the story? Encrypt your home directory.

I suspect if I gave it internet access it would try to reach out to Google and raise an alarm for suspicious login and force reauthentication. Would that cause me to lose the existing emails I have already correct: That’s a question for another day.

Per group vote, and also because I have another meeting tonight, this evening’s weekly DC540 meetup will be virtual. See you in the Discord @ 1830.

My daughter is obsessed with planners. Her class notes are works of art. She’s done bullet journaling. Her last planner was a Passion Planner. She’s home from school for a couple of days and showed me her latest acquisition. It’s a Hobonichi Techo Cousin. It’s got pages for viewing a month at a time, a week at a time, and then a page per day. Every page is high-quality bleed-resistant paper with small graphs, which is very conducive to writing neatly with small handwriting. I was instantly attracted to it.

https://amzn.to/3C8NLqV (affiliate link, obvs)

Then she showed me how the cover is already starting to bend, so everyone usually gets covers for it.

The journal is $54 on Amazon. This seems like a lot, but with so many pages of very thin high-quality paper, it’s probably still a good price. But the covers — my god, there are covers people are charging over $100 for. I guess in the planner cult, you’re judged on how elite your planner cover is. 🙂

There is also a five-year version of the Hobonichi. Can you imagine a five-year planner? I cannot.