Posts for year 2020
Set Firefox to Default Browser in xdg Settings
If you use firefox nightly and chromium you've likely ran into the issue where some apps launch chromium as the default browser for URLs. This is ultimately due to firefox nightly not having a true installer which would create the firefox.desktop file that xdg-settings uses to set/determine the browser to open on xdg-open events.
To verify the current settings you can use: xdg-settings get default-web-browser
which will likely return chromium.desktop
.
To change this, you will need to create a firefox.desktop
file and use the xdg-settings command:
- in a terminal, clear BROWSER:
export BROWSER=""
- just to make sure it is not set which can cause other issues
- create a firefox.desktop file in
/usr/share/applications/
with the following content:
[Desktop Entry] Version=1.0 Name=Firefox Browser GenericName=Web Browser Comment=Access the Internet Exec=/PATH_TO_FIREFOX_BIN/firefox %U StartupNotify=true Terminal=false Icon=firefox-browser Type=Application Categories=Network;WebBrowser; MimeType=text/html;text/xml;application/xhtml_xml;image/webp;x-scheme-handler/http;x-scheme-handler/https;x-sch> Actions=new-window;new-private-window; [Desktop Action new-window] Name=New Window Exec=/PATH_TO_FIREFOX_BIN/firefox [Desktop Action new-private-window] Name=New Incognito Window Exec=/PATH_TO_FIREFOX_BIN/firefox --incognito
NOTE: you will need to change /PATH_TO_FIREFOX_BIN/ to the path to your firefox binary.
- change xdg to use firefox:
xdg-settings set default-web-browser firefox.desktop
- check xdg setting:
xdg-settings get default-web-browser
- test the change:
xdg-open "http://dradux.com"
- this should open the URL in firefox
Also note you should check the default application (update-alternatives) gnome and default browsers settings:
- default:
update-alternatives --config x-www-browser
- gnome:
update-alternatives --config gnome-www-browser
- kde: check System Settings > Applications > Default Applications > Web Browser
Links
Graylog Syslog Grok Extractor
I have several apps in my k8s cluster which run behind a lighttpd web server where I wanted the access logs to be sent to graylog. The setup of lighttpd is relatively basic:
# /etc/lighttpd/lighttpd.conf
var.basedir = "/var/www/localhost"
var.logdir = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
server.modules = (
"mod_alias",
"mod_accesslog",
"mod_magnet"
)
include "mime-types.conf"
server.username = "lighttpd"
server.groupname = "lighttpd"
server.port = 80
server.document-root = var.basedir + "/htdocs"
server.pid-file = "/run/lighttpd.pid"
server.indexfiles = ("index.html")
server.errorlog-use-syslog = "enable"
accesslog.use-syslog = "enable"
Next we need to tell rsyslog to send logs to graylog:
# /etc/rsyslog.d/dxc-graylog.conf
*.* @graylog-udp.graylog.svc.cluster.local:5410;RSYSLOG_SyslogProtocol23Format
Note that you will need to change the URL and port to match the graylog syslog URL and port you have. Also notice that we are using RSYSLOG_SyslogProtocol23Format
format. This results in a log message with a message
value similar to the following in graylog:
10.33.1.106 10.42.2.9 - [28/Oct/2020:06:28:06 -0400] "GET / HTTP/1.1" 200 6341 "-" "kube-probe/1.16"
This should all work; however, we would like to have the message
parsed - enter the grok pattern! In Graylog, go to your Syslog Input and click Manage Extractors. Add an Extractor with the following info:
- select extractor type for the
message
field with a Grok Pattern - enter grok pattern:
%{SYSLOGHOST:host} %{SYSLOGHOST:referer} - \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}
- Condition: Always try to extract
- Extraction strategy: Copy
- Extractor title: RFC5424
- click the Create extractor
That should be all that is needed, go to your syslog stream and check (make sure you pick a message that came in after you created the extractor) to ensure the new fields are being created!
Minimalistic Coding Standard
Minimalistic applications require sound design and development which produce applications that are easier to run, use, support, and maintain over the life of the application.
The Minimalistic Coding Standard (MCS) is a simple coding (design, development, deployment) philosophy which emphasizes minimalism in all aspects of coding.
Core concepts of MCS:
- simple over complex
- one good way over multiple ways
- simply secure over not
KIM = Keep it minimal
Setup SAR on Alpine Linux
There are several good articles on setting up SAR
for debian (sar on ubuntu/debian) and redhat systems but I could find few on Alpine (perhaps because it is simple).
In any event, here's my process for setting up sar to run periodically via cron to track server stats.
Install
Install with: apk add sysstat
Setup
Not a lot of setup is required, you may want to review the /etc/sysconfig/sysstat
file for options.
Running Via cron
Create a cron task as you like to kick off sar periodically, the following will run sar every 2 minutes.
# Run sar to gather stats */2 * * * * /usr/lib/sa/sa1 1 1 # Additional run at 23:59 to rotate the statistics file 59 23 * * * /usr/lib/sa/sa1 60 2
Logs
Alpine's sysstats logs are in /var/log/sa
spw - simple, light, cli password manager
spw is a python application that stores and retrieves passwords in a secure maner. spw is designed to be quick, light on resources/dependencies, and command line/script driven.
Passwords are stored in an encrypted format using PKCS1_OAEP encryption. This means you use a public and private key to encrypt and decrypt items stored within the store. This is a secure method of password storage and there is virtually no chance someone (including yourself) can view decrypted passwords without the private key.
spw is intended to provide a secure mechanism to store (and more importantly retrieve) passwords. spw's command-line interface allows easy integration into openbox's keyboard shortcut functionality (or similar tools). spw provides an easy mechanism for copying a password to the clipboard (e.g. C+A+j will copy the gmail junk account's password to your clipboard). - spw - about
I have used spw daily for several years, the password generator is extremely useful/quick to generate passwords!