Wednesday, 1 November 2017

AlienVault OSSIM OTX / Proxy

If you are having issues getting the API to register via a Proxy then ensure you are not doing HTTPS inspection to the domain.

A day of my life I'll never get back!
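One way to run the check described above, as an added example that is not from the original post: read the issuer of the leaf certificate that arrives through the proxy and compare it with the issuer seen on a connection known not to be inspected. The host name, proxy address, CA names and both sample transcripts are constructed placeholders, and `-proxy` needs OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example (not from the original post). All names below are placeholders.

# Fetch the TLS handshake transcript for <host> through <proxy_host:port>.
fetch_chain() {
  openssl s_client -connect "$1:443" -servername "$1" -proxy "$2" \
    </dev/null 2>/dev/null
}

# Read s_client output on stdin, print the issuer of certificate 0 (the leaf).
leaf_issuer() {
  awk '/^ *0 s:/ { leaf = 1; next }
       leaf && /^ *i:/ { sub(/^ *i:/, ""); print; exit }'
}

# Read s_client output on stdin and compare the leaf issuer with the issuer
# expected for this host (taken from a connection known not to be inspected).
# Returns 0 = issuer as expected, 1 = re-signed by another CA, 2 = no cert seen.
check_inspection() {
  issuer=$(leaf_issuer)
  if [ -z "$issuer" ]; then
    echo "UNKNOWN: no certificate received (proxy refused CONNECT?)"
    return 2
  fi
  case "$issuer" in
    *"$1"*) echo "OK: leaf issued by $issuer"; return 0 ;;
    *)      echo "INSPECTED: leaf issued by $issuer"; return 1 ;;
  esac
}

# Constructed transcripts: the same host seen directly and through an
# inspecting proxy that re-signs the leaf with its own CA.
SAMPLE_DIRECT='Certificate chain
 0 s:CN = api.example.invalid
   i:C = US, O = Example Public CA, CN = Example Public CA G2
 1 s:C = US, O = Example Public CA, CN = Example Public CA G2
   i:C = US, O = Example Public CA, CN = Example Root'

SAMPLE_PROXIED='Certificate chain
 0 s:CN = api.example.invalid
   i:O = Example Corp, CN = Example Corp Web Proxy CA
 1 s:O = Example Corp, CN = Example Corp Web Proxy CA
   i:O = Example Corp, CN = Example Corp Root'

EXPECTED_ISSUER='Example Public CA'   # assumption: issuer seen without the proxy

printf '%s\n' "$SAMPLE_DIRECT"  | check_inspection "$EXPECTED_ISSUER" || true
printf '%s\n' "$SAMPLE_PROXIED" | check_inspection "$EXPECTED_ISSUER" || true
# Live use (placeholder names):
#   fetch_chain api.example.invalid proxy.example.invalid:3128 \
#     | check_inspection "$EXPECTED_ISSUER"
```

Matching on the issuer name is a quick heuristic; comparing the leaf's SHA-256 fingerprint (`openssl x509 -noout -fingerprint -sha256`) against one taken off-proxy is stricter.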

Tuesday, 23 February 2016

Iraika, roa, telo, aleha!

It's been rather quiet here for the past few months, for which there's a pretty good reason. In November the organisation I worked for and I parted company, by mutual agreement, and with a redundancy package.

Being so close to Christmas and with the certainty of wanting to take some time off (I'd given myself until Feb/March '16 before starting a job hunt) the decision of what to do loomed, there was no way I'd be able, or be allowed to sit and vegetate for that long. I toyed with a couple of London options, charity work, or perhaps give my Sports Therapy alter ego some space. Or Madagascar!

A few years ago I saw a wildlife program which had a 2-3 min piece on a marine conservation charity called Blue Ventures (BV) who were operating in a remote Southwest corner of Madagascar. I'd filed it under 'things to do but will probably never get the opportunity'. This was the opportunity. Sun, sea, diving, community work. Light bulb moment! 7.5 weeks away from home, light bulb went off. We talked it through and the next day I'm sending deposits, booking flights & making lists, big lists.

I already had my PADI Advanced diving, which is the minimum requirement for being part of the science program, and a ton of dive equipment, but the BV list was huge, and as I found out later very much about diver safety. The inventory also included a seriously scary first aid kit, malaria prevention, nets, drugs and advice that we would be isolated for 6 weeks and need to arrive with 'everything' we could possibly want/need while onsite. I was going to need bigger bags!


In Tana I'd meet the other volunteers and begin the 4 day drive to Toliara.

Simon & Liwia - Bravely quit their jobs in July '15 and have been working their way through African wildlife projects ever since.

Lucy - A wee bonnie lass taking a gap year from studies who arrived with more medical supplies and sun cream than the rest of us together. Which was actually very useful.

Anninja - Student from Switzerland who could only stay for the first 3 weeks before starting her medical studies.

We'd later meet Pierre, starting his 3rd expedition and Adam, who was travelling from Zimbabwe and would join us on week 3.

The road from Tana took us over some of (what I thought were) the worst roads I'd ever travelled on, little did I know! On the first day we spent 9 hours at the side of the road waiting for a bridge to be re-built. Which they did manage, but it was a stark reminder that this is Africa, shit happens.

On the way we celebrated New Year, hiked in Ranomafana National Park, saw our first lemur (which neither sang nor danced, I think the film may have been factually incorrect) and hiked Isalo National Park where we swam in the natural pools.


Our last stop and last chance to buy anything we'd forgotten or anything we might want onsite, jams, sauces, snacks etc

After a few days of R&R we began the last leg of the journey to the village of Andavadoaka (Andava) and the BV site.

Google suggests this is a 3 hour journey. I strongly suggest Google send one of their mapping cars on that journey, with 4x4 rescue vehicles. It's a 9-10 hour off road track that follows the coast; rocky roads, sand dunes and a stomach that would have much rather stayed in the hotel made for a lively journey! It made the Tana/Toliara journey seem like a breeze and I was beginning to have reservations about what I'd got myself into.


First day onsite and the remoteness hits. Andava is the largest village in the Velondriake Locally Managed Marine Area (LMMA) with a population of ~1700 people known as Vezo.

Velondriake - "To live with the sea"

The homes are built with wood and there is no running water. Wells provide semi clean water but the Vezo also use the boiled water from cooking rice as a clean source of drinking water. Slightly nutty/popcorn flavour which I developed a taste for, whilst others in the group shunned me. A power line has recently been run through the village, so if you can afford it there is limited electricity. But it's expensive and not the norm. Charcoal stoves and fires are the main method of cooking and the sea the main source of food.

Credit Simon Webber

In comparison our accommodation was palatial! Aligned to the Coco Beach 'hotel', we stayed in 5 huts which can sleep 4 in each, a bathroom, flushing toilets and most of the time salt water running water.

Credit Simon Webber

This was to be home for the next 6 weeks.


The first couple of weeks were very much a settling in period. Getting used to a slower pace of life, 30-35 degrees heat, adapting to a very simple diet of rice, beans and fish; and fighting the inevitable illnesses volunteers tend to get.

We were also assigned duties on a weekly rotation. Handling the water filtration, cleaning up the Bat Cave/Dive hut and weather recording. Water and weather were little and often all day but cleaning tasks were 30 mins in the afternoon and then time to chill.

Each evening before dinner we'd find out what the following day's activities were going to be but generally :

Breakfast 08:00
Dive 09:00 / 11:00 (luxury of a small group meant no 06:00 scheduled dives)
Lunch 13:00
Duties 14:00
Lectures 15:00 - 17:00
Vao Vao & Dinner 19:30. The call to dinner was a chant of Iraika, Roa, Telo, Aleha! 1, 2, 3 Go! ..

Saturday was an enforced no dive day and Sunday was a day to do what we wanted. Which mostly meant nursing hangovers from the previous night's exploits with the local rum.


The diving was my main reason for choosing this adventure, the lure of the sea and the weightlessness underwater is just such a cool experience.

After a pretty comprehensive safety lecture, and after some early bacterial infections had been doused in antibiotics we had our refresher dives. Went through every single PADI skill, not something I've done since training, so a pain, but also a nice refresher.

Once cleared to dive we started benthic or fish id tests. Diving as a small group with one of the field scientists who would point and you take a crack at identifying what they were pointing at. Which needless to say started badly for most of us.

We were split into two groups, fish and benthic. Benthic for the less experienced divers as by the nature of the animal they don't tend to bugger off, but you do need decent buoyancy and Bic the BV instructor taught that exceedingly well. I've seen seasoned 100+ divers with fewer skills than Lucy and Anninja demonstrated. I and the other already qualified divers got fish. 150 of them to learn for a 50 question computer test and a 30 consecutive correct answers under water test. Until this expedition the first time pass rate was 2. Unfortunately for me I was teamed with Simon and Liwia, AKA the dream team, who doubled the first time pass rate, no pressure on me then.

Over the next few weeks we dived 1 - 2 times a day, some doing science & others training.  I eventually passed the tests so joined the science team carrying out fish belts on reefs, a small audit counting fish, identifying species and collecting data which is collated and over time gives an impression of reef health.


Part of the BV ethos is that for conservation to succeed it must involve the community. During my stay we spent time on a number of community projects and also spent time with two local families as homestays. We visited the village of Vatoavo, which put Andava to shame with its remoteness and poverty, where I got to teach an English class while the other volunteers had arranged an English language treasure hunt for the kids. The village later put on a talent show during which we discovered twerking is apparently a BIG part of Malagasy dance culture, it's all about the arse.

Credit Simon Webber

The homestays were something I wasn't looking forward to, but part of this trip for me was doing things outside my comfort zone. That and dealing with wet sand on feet and fish bones, but they would be handled over time, and under my control.

Lucy and I had dinner with a family in Andava and the following day we would spend 'A day in the life' with the same family. We spent the following day helping them, or in my case hindering them with whatever they would normally be doing. A few of the volunteers wanted to fish, so they did but Lucy and I opted to stay on land which meant I spent the morning playing cards with the children and Lucy got to help with the chores. Although I did attempt to crush some corn, which didn't go down well.


BV run a number of other projects in Madagascar, three of which we had an opportunity to get involved with. 


In an effort to provide communities with an alternative income to fishing there are two farming projects, sea cucumbers and seaweed. Both of which are backed by companies who provide seed services and a route to market. They provide juvenile sea cucumbers and seaweed plants, the Vezo then nurture them until such time as they can be harvested and the product sold back to the companies, who then distribute. Cucumbers are used as a filler/bulking agent in Asian markets and seaweed in pretty much anything that's viscous, beauty products, apparently even some ice cream.

We got to take part in one of the periodic sea cucumber harvests. During low tide we helped the farmers collect and weigh cucumbers, anything >300g was catalogued and stored ready for the next morning. Their fate was sealed, evisceration. Cutting a hole in the anus and squeezing the guts out!

I think Lucy might be enjoying that, just a little too much! My single attempt resulted in the poor lady next to me getting covered in, well, sea cucumber bits.


Endemic to Madagascar the Spider Tortoise is critically endangered and in serious decline due to smuggling in the pet and food trade. We spent a day helping the rangers to monitor the population and catalogue the size, weight and age.

Credit Simon Webber

My time in Madagascar has come to an end and I've begun to try and reflect on the experience. It might be too early to really come to any conclusions, but it wasn't a total breeze, and there were times I'd gladly have taken a teleporter out. But I did some very cool things, met some great new friends and have new life experiences which I don't think many people get the opportunity to do.

Now I guess I need to find a job .. or maybe I'll find somewhere for my hammock.

2016 Expedition #1

Credit Simon Webber

Wednesday, 5 August 2015

Simulate Network Latency, Packet Loss, and Low Bandwidth on Mac OSX

OSX used to contain the binaries to configure ‘dummynet’ from FreeBSD which has the capability to do WAN simulation.

Mavericks no longer has support for dummynet but still has the code in the backend.  Find and copy the IPFW binary from an older machine into /sbin and you're good to go.


Inject 250ms latency and 10% packet loss on connections between workstation and web server ( and restrict bandwidth to 1 Mbit/s.

# Create 2 pipes and assign traffic to/from:
$ sudo  ipfw add pipe 1 ip from any to
$ sudo  ipfw add pipe 2 ip from to any
# Configure the pipes we just created with latency & packet loss:
$ sudo  ipfw pipe 1 config delay 250ms bw 1Mbit/s plr 0.1
$ sudo  ipfw pipe 2 config delay 250ms bw 1Mbit/s plr 0.1

$ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=63 time=515.939 ms
64 bytes from icmp_seq=1 ttl=63 time=519.864 ms
64 bytes from icmp_seq=2 ttl=63 time=521.785 ms
Request timeout for icmp_seq 3
64 bytes from icmp_seq=4 ttl=63 time=524.461 ms

$ sudo  ipfw list | grep pipe
  01900 pipe 1 ip from any to out
  02000 pipe 2 ip from to any in
$ sudo  ipfw delete 01900
$ sudo  ipfw delete 02000
# or, flush all ipfw rules, not just our pipes
$ sudo ipfw -q flush

Round-trip is ~500ms because it applied a 250ms latency to both pipes, incoming and outgoing traffic.

Packet loss is configured with the “plr” parameter.  Valid values are 0 – 1.  In our example above we used 0.1, which equals 10% packet loss.

Thursday, 2 July 2015

Docker & Consul Lab

In my spare time I've been building a small Docker lab.  I wanted to see what all the fuss is about and also to bring some reality to the kool-aid drinkers in the office.

I've been around long enough to know that there's no magic pill; variations of really good ones have appeared over time, but they all need to be mixed with something else.

Docker expands on the Linux LXC built into most kernels from 2.6 which allows a process to exist within its own space within the system.  Similar to virtualisation but without the hypervisor and the overhead a hypervisor brings needing to be all things for all people.

Docker allows you to create & package a container.  Let's say we have a simple Java SMTP service.  All the components needed to run that service (Tomcat, code files) run within the container, which can be moved or copied somewhere else and function in exactly the same manner.

It also comes with a registry, either public or private, which acts as a repository for Docker images.  Now you can easily distribute containers or pass them along the dev pipeline to QA, Ops.

DevOps nirvana! The excitement is palpable!

And yes, if your service is 100% self contained then that's a valid statement.

It's when you start to try and build a bigger solution, and this is probably where my inexperience comes in, that you start to think, and find some of the down sides.

Docker deals with networking within the Docker binary.  It serves local DHCP addresses to containers which are then port mapped to the host's IP.  If a container is moved to a new host, its end point changes.

Intra container communication is via tunnels built between them, not via the network.

How do you find a service?

The answer to that question has already been dealt with by others doing true SOA or web scale.  Write a service registry, use queuing, load balancers/API, ZooKeeper.  It's a problem that's been solved by anyone doing dynamic scale but this tweet/blog post:

Led me to look at Consul

At its core is a really clever service registry.  But also layered with health checks, clustering, multiple locale support that can be queried using an API or via name lookups (DNS) to the Consul service port.  Also able to integrate with something like DNSMASQ to redirect queries, this would allow seamless integration into an existing environment where DNS is being used to locate services.

Consul is a small binary, which in my case is within the container but could just as simply exist on the OS, that uses a config file to determine what to register with the Consul servers. In my lab it's using a static config, but in reality you would use a CM tool (Puppet, Chef, Salt, Ansible) or automatically generate the config using a handy add-on, consul-template.

The local Consul binary deals with health-checks, nice, immediately a distributed system.  The Consul servers (min of 3) run in a clustered mode which the local Consul agent is aware of, so there's registry HA built in.

In summary pretty impressed with consul, it's early days but something to keep an eye on.

But back to Docker.

Docker in itself is not yet a one stop shop, maybe it's not supposed to be, but other players are entering the game to add to the package and I think will continue to.  Is Docker a death knell to virtualisation? If you're a web scale company and all you do is web services then yes, it probably is.  For the enterprise or shops that are not developing apps then probably not.  But you can of course run Docker on hypervisors.

It also requires the dev teams to shift their model.  I know lots of places are SOA and micro services, but lots aren't.  Docker to them is not that magic pill.

Something that hadn't occurred to me until I watched this talk, AppSec is eating security, is the security benefits containerization brings.  The host can be a massively cut down OS and each container only contains the bare minimum to run the services.  The service also has no state, its IP is dynamic, it has no fixed abode.  The attack surface is not only reduced, it becomes all slippery.  Patching is also (in theory, and if you code correctly) a breeze.

But on the flip side :

Docker is potentially a game changer, but not without work and consideration.

A decent book is The Docker Book: Containerization is the new virtualization

Wednesday, 20 May 2015

Firefox on Kali

This dropped into my twitter TL - Installing Firefox on Kali Linux, which was perfect timing as I'd tried to do this the previous day.

NB// If like me you ignore the part about un-installing Iceweasel you'll end up with an apt-get error message of 'half-installed' for FF.

Go back, remove Iceweasel and then :
apt-get install --reinstall firefox-mozilla-build
I also needed to manually edit the sources.list as the cut and paste didn't work.  Your entry should look like :
deb all main

Friday, 24 April 2015

Setting System Wide Proxy on Ubuntu

Put your export settings in /etc/environment


Friday, 10 April 2015

OSX Keyboard Media Keys Stopped Working in iTunes

For me the Chrome Google play extension had stolen the functions.

Chrome | Settings | Extensions & scroll to the bottom of the page | Keyboard Shortcuts

Thursday, 2 April 2015

Docker, CentOS & a Proxy all walk into a pub

CentOS 7.1 behind SQUID Proxy.  Docker install using YUM.

docker info

FATA[0000] Get http:///var/run/docker.sock/v1.18/images/search?term=apache: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?

Followed the official instructions @ which seemed to fix docker info but subsequent

docker search <name>

would fail with :

FATA[0127] Error response from daemon: Get dial tcp connection timed out

Tried setting the environment variable manually and also running the command inline

https_proxy=http://<server>:<port> docker search <name>

Stumbled across a blog suggesting adding environment variables to /etc/sysconfig/docker

 export HTTP_PROXY HTTPS_PROXY http_proxy https_proxy   

Problem fixed

Tuesday, 3 February 2015

Error when installing Windows 8 "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed."

If you're getting this error then when presented with the message :
  1. Press SHIFT+F10
  2. In the black command window type : regedit  & enter
  4. Double click on ChildCompletion and change the data from 1 to 3
  5. Press OK on the initial error message

Monday, 12 January 2015

QNAP TS-509 & NetGear GS716T Port Trunk

I don't particularly need a 2GB trunk from the NAS but a recent switch upgrade to a NetGear managed switch, GS716T (which for £120 is bloody good value) gave me the option.

Set the NAS for bonded 802.3ad & created the LAG group on the switch.  Easy.

Two days later I noticed my Windows machines had lost their SMB mounts, Linux boxes all fine. Disabling one of the NAS bonded ports brought it all back.

I suspected some kind of ARP timeout.  Switched the LAG port from STATIC to LACP and all was well.  And has remained so.  No idea why Windows was FUBAR and not Linux and without cracking open Wireshark I can only guess.

Wednesday, 7 January 2015

Wordpress (WPMU) Migrate & Domain Change

Goal : Using my existing provider create a Dev env of a Wordpress multisite deployment.

Prod site was two simple sites, 4-5 pages in each.  Minimal plugins.  Eventually fell upon Duplicator from Life in the Grid.

Documentation is decent and I had no issues until I started the deploy on the destination.  The decompression failed with a PHP error when I ran installer.php.  I followed the FAQ and the manual extraction process which worked fine, upload the decompressed files and archive, run the installer.php and follow the prompts.

Site 'duplicated' and working! ... almost.  The primary network site worked fine, second site down.  Changed the url via the WP Network Site Admin and created the equiv subdomain entry which allowed me to browse to the second site.  Progress!

Main site :
Second site :

And then the fall.  Trying to access the WP-Admin for the second site put me into the [in]famous Wordpress login loop.  Here's a nice write up -

Followed a ton of links and tried all the suggestions with no success.  Went through the db with a forensic microscope in case a URL rename had been missed, all with no joy.  Eventually I decided to create a new site and see what the results were.  If it failed I knew it would be more WPMU than the second site setup.

Setting up site3 it was created as .. oh a sub sub domain.  The light bulb went off but I carried on.  Site3 worked fine.

Changed my second site & DNS entry to .. Golden.

Saturday, 22 November 2014

WordPress MultiSite Admin Slow

After upgrading from 3 -> 4 the admin panel became utterly unusable. 20-30 seconds on any action.

Found -

And for me :
Manually run /wp-admin/upgrade.php
UPDATE 25/1/2015 - Also had to do this for 4.0 -> 4.1 Upgrade

RaspberryPI / Motion & Multiple USB Cameras

Playing around with Motion on Raspbian.  Motion was simple to set up with a single camera but when I added a second and switched to the thread config files I started to get :

Unable to query input 1 VIDIOC_ENUMINPUT: Invalid argument
Tracked it to a setting in the default thread2.conf
# The video input to be used (default: 8)
# Should normally be set to 1 for video/TV cards, and 8 for USB cameras
input 1
Change the input to 8 and all is well

Friday, 7 November 2014

CentOS 7 Missing ifconfig command

CentOS 7 no longer ships with the command/s.  You can install via yum
sudo yum install net-tools

Friday, 26 September 2014

Add a static route to QNAP NAS

Can't be done via the GUI so you need to use some CLI foo.  You can set a route temporarily via the shell but in order for it to remain persistent you need to edit the startup script.

1 - Connect via ssh to your device
2 - Mount the QNAP Configuration

The name of the actual device to mount depends on your model number. In general for x86-based systems this should be /dev/sdx6. For Marvell ARM based models it should be /dev/mtdblock5 or /dev/mtdblock4.
[~] # mount -t ext2 /dev/sdx6 /tmp/config

3 - Create or adapt

A shell script called “” will be executed by your QNAP storage system on every startup. It might be possible that the file currently does not exist, so just go ahead and create it with your favorite text editor, or whatever is installed.
route add -net <subnet> netmask <mask> gw <gw_ip_addr>
4 - Make sure that is executable
In order to be executable during startup, we will have to set the executable flag for “”:
[~] # ls -al /tmp/config/
-rw-r--r--    1 admin    administ       60 May 11 17:43 /tmp/config/*
[~] #
[~] # chmod +x /tmp/config/
[~] #
[~] # ls -al /tmp/config/
-rwxr-xr-x    1 admin    administ       60 May 11 17:43 /tmp/config/*
[~] #
5 - Unmount the config
[~] # umount /tmp/config

Sunday, 17 August 2014

OSX Proxy [on/off] Script


#!/bin/bash
# Toggle the web (HTTP) and secure web (HTTPS) proxy on the Wi-Fi service.
# "Enabled: No" in the current state means the proxy is off.
e=$(networksetup -getwebproxy wi-fi | grep "No")

if [ -n "$e" ]; then
  echo "Turning on proxy"
#  sudo networksetup -setstreamingproxystate wi-fi on
#  sudo networksetup -setsocksfirewallproxystate wi-fi on
  sudo networksetup -setwebproxystate wi-fi on
  sudo networksetup -setsecurewebproxystate wi-fi on
else
  echo "Turning off proxy"
#  sudo networksetup -setstreamingproxystate wi-fi off
#  sudo networksetup -setsocksfirewallproxystate wi-fi off
  sudo networksetup -setwebproxystate wi-fi off
  sudo networksetup -setsecurewebproxystate wi-fi off
fi


Wednesday, 23 July 2014

Extend Windows 7 VirtualBox Disk

  1. Use the VirtualBox client to create a new disk of the size you want in the same directory as your guest.
  2. Clone the old disk to the new.  Open a command prompt, navigate to the guest directory and run :
     VBoxManage clonehd   --existing
  3. Attach the new disk to the guest and detach the old disk.  Ensure the new disk is first in the list / SATA 0
  4. Guest should now boot up.  If you find it asks you to select a boot disk then the order is incorrect as per step 3
  5. Open Windows disk manager. It will currently show the old size with #GB free.  Right click, extend, follow the prompts.
  6. Confirm everything is good and you can delete the old disk.
That's it, you're done ...

Thursday, 19 June 2014

Re-enable the Apple-provided Java SE 6 web plug-in and Web Start features

Use this at your own risk as Apple, and most people distrust JAVA.

Taken from

  1. Open Terminal, located in the Utilities folder.
  2. Enter this command, then press the Return or Enter key: 
    sudo mkdir -p /Library/Internet\ Plug-Ins/disabled 
  3. Enter this command, then press the Return or Enter key:
    sudo mv /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin /Library/Internet\ Plug-Ins/disabled
  4. Enter this command, then press the Return or Enter key:
    sudo ln -sf /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin 
  5. To re-enable Java SE 6 Web Start, enter this command, then press the Return or Enter key:
    sudo ln -sf /System/Library/Frameworks/JavaVM.framework/Commands/javaws /usr/bin/javaws

Additional Information

The following steps will undo the above commands and restore Java 7 in OS X Lion and later.
  1. Disable Java SE 6 Web Start opening:
    • Enter this command, then press the Return or Enter key:
    • sudo ln -sf /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/javaws /usr/bin/javaws
    • When prompted, enter your administrator password, then press the Return or Enter key.
  2. Re-enable the Java 7 applet plug-in by downloading and reinstalling the latest version of Oracle Java 7 JRE.

Thursday, 5 June 2014

Basic Syslog-NG Install & Config

Ubuntu OS, apt syslog-ng install & added the following lines to get a basic UDP server running.

options { 
<Keep all the default Options>
};

source s_net { 
udp(ip( port(514));
};

destination d_any_remote {
};

log {
source(s_net); destination(d_any_remote);
};

Sunday, 20 April 2014

Flash, Chrome & an Atom CPU all walk into a pub

Tried to watch something on 4OD catchup via my HTPC (Zotac ION ATOM 1.6) last week.  Dreadful, choppy and stuttering, in the end I gave up.

Today I decided to debug and see if I could fix it.

Firstly browsing in general also seemed slow.  Hit a well known bandwidth testing site and it was reporting 70-80ms latency.  Odd as no other device in the house showed the same problem, all in the 27-35ms range.

Spent a ton of time looking into this, starting with networking\drivers being the source of the problem, and even started packet tracing!   CLI pings all seemed fine, file download comparisons, all fine.  Finally, and I mean after a day of screwing around and almost a total rebuild, I cleared the cache on Chrome.  Bingo, latency fixed.  WTF! ..

Chrome and pepperflash were throwing the bandwidth test out, and guess what 4OD, flash site .. I think I have found the issue.

Seems like any flash site on Chrome pushes the CPU, on the ATOM it's just too much, 90-100% .. Same on my desktop but it's a way faster CPU so copes.  Never really appreciated what a great job flashblock does for me.

Switched to Firefox & Adobe Flash and all is well again .. for now