Ubuntu Weekly #1
The xz/liblzma security vulnerability CVE-2024-3094, which caused an uproar at the end of March 2024, stirred up the open-source community around the world. For those who have not had a chance to follow it, CVE-2024-3094 is the identifier for a security vulnerability in the lzma data compression library, in which an anonymous hacker deliberately inserted malicious code into the lzma source code. Security experts in the community are still working day and night to reverse-engineer this malicious code to better understand its goal as well as the scope of impact of this CVE.
Migrating my blog to static pages
For many years, I have maintained my blog on blogger.com. Though I find it a really-easy-to-use blogging platform, I am still unsatisfied with the lack of many necessary features. Many of my frustrations when using blogger.com are:
It does not allow me to easily format code. I need to use a third party to help format my code. I would copy the result into the generated HTML of my article. That process is tedious and error-prone.
Technical Note: Convert an ova image to qcow2 format
From the Wikipedia article on Open Virtualization Format, I learned that an ova file is just a tar file of an ovf directory. So I opened a Windows 10 Developer Evaluation ova file to see what exists inside it.
$ tar -tf WinDev2001Eval.ova
WinDev2001Eval.ovf
WinDev2001Eval-disk001.vmdk
WinDev2001Eval.mf
So the ova file includes:
A virtual machine specification definition .ovf file
A hash checksum .mf file
A disk image in .vmdk format
As qemu-img supports vmdk as a disk image format, we can actually convert the vmdk file to any other format that we like.
Technical Note: Disk Encryption using Cryptsetup with Vault as Key Management Service
On Linux, full disk encryption can be achieved with various solutions: encryptfs, dm-crypt… While a step-by-step setup of disk/partition encryption can be found in the official documentation, integrating disk encryption with a key management solution like HashiCorp Vault is not obvious. Fortunately, there is a package named vaultlocker in the Ubuntu Universe repository that eases this integration. I decided to spend my free time making cryptsetup work with Vault.
Note: A similar request was made to cryptsetup, but it falls outside the scope of cryptsetup, so it was closed.
New NUC
Background
My old desktop becomes sluggish as I deploy multiple test environments on it. As I also use various desktop applications for my daily work on the same desktop machine, sometimes resource insufficiency freezes all the applications, interfering with my workflows. I have always been a fan of small low-energy NUC devices, so I take this chance to buy a new NUC device to solve my resource issue.
Before buying a new device, I had some considerations for a NUC.
Visualize Enviro Phat Sensors Data
Enviro pHat is a low-cost environmental sensing board that lets you measure temperature, light color, motion and analog sensors. The accompanying Python SDK makes writing a program to get data from Enviro pHat as easy as pie. Enviro pHat can be used in combination with a RaspPi Zero to become a simple room-condition monitoring board.
With Grafana and Prometheus, it looks easy to at least build a dashboard for Enviro pHat sensor data, so I decided to build an Enviro pHat dashboard.
Manage Local Computing Resource using MAAS
Besides managing bare metal machines, MAAS (Metal as a Service) can also manage KVM guests as long as those machines are booted from network PXE. This feature allows us to efficiently manage local computing resources while, at the same time, leveraging Juju for automatic middleware deployment. In this post, I will detail the steps to manage KVM guest machines using MAAS.
System diagram
MAAS Managed Machine: the MAAS virtual machine creates other virtual machines through a KVM pod.
Technical Note: How to Change Juju User Password
Juju User
Juju has an internal user framework, which supports sharing of controllers and models. Using the Juju user feature, a sysadmin can separate users for controllers, as in a multiple-cloud deployment, or for users, as in a multiple-system deployment. Each Juju user can have its own permissions at the application, model, or controller layer. This separation of responsibilities allows multiple users to manage multiple infrastructures with a clear border of responsibilities.
Technical Note: DynamicUser in Systemd
Background
Recently, I received a really interesting question from my customer. He found in his file system two files (directories) which belong to a user that is not in /etc/passwd. Specifically, in Ubuntu Linux 18.04, these 2 files are
/var/lib/private/systemd
/var/lib/private/systemd/timesync
These two files belong to a user named systemd-timesync with UID/GID 62583, and this user is not in /etc/passwd.
Traditionally, a Linux user does not always need to be in /etc/passwd because it can come from many remote sources, for example
My Presentation at Developer Summit 2018
Developer Summit is one of the biggest developer gatherings in Japan, where developers gather for a one-day event full of sessions to gain knowledge and experience, as well as learn the technology trends of the current year. This season’s topic is “society in the expansion of data”. The full event timetable and speakers’ profiles can be found at the event homepage (https://event.shoeisha.jp/devsumi/20180727)
This year, I’m honored to be one of the speakers at this event (https://event.