Dr Clèm's Blog

How to fix a broken LXD server due to fail snap auto-refresh

Sunday Aug 16, 2020 15:37, last edition on Sunday Aug 16, 2020 15:42

For my Linux containers, I am using LXD. The recommended way to install LXD is Snap, which updates daily. Few days ago, the last release of LXD has been released and the update started automatically. For the next two following days, I experienced timeout on my virtual servers. I also noticed at lot of input/output (I/O) on the hard drives. I started to investigate. I identified, using Htop among other tools like Netdata, that the process snapd, from Snap, was using 100% of the hard drives and all the I/O were on the /var/ partition. Using the command snap watch --last auto-refresh, I saw that the update stated more than two days ago and was stuck at the step Copy snap "lxd" data. I aborted the ongoing procedure but I ended up with a completely broken LXD. Hopefully, on Linux Containers forum, I found someone with the same, or at least similar enough, issue.

You can try to automate snap in offline mode. Make sure your host is not connected to the internet. This is definitely recommended for hypervisors and therefore also the LXD hosts. (my opinion for LXD hosts)

Download snap somewhere else with:
snap download lxd

Copy the files to your LXD node and install the snap:
snap ack <package.assert>
snap install <package.snap>

Linux Containers

It saved my day! At least, what was left ot it. It is at least the second time that this issue happens to me and it appears to impact other user. Unfortunately, it is a sign that LXD is not ready for production environment which requires stability. It is also a reminder that I need to find a way to backup LXD.

Taille d'une image, et plus, en ligne de commande

Thursday Jul 30, 2020 14:02

Je viens de découvrir la commande file. Celle-ci permet d'obtenir des informations rudimentaires sur un fichier. Par exemple

% file template-xenial.cfg template-xenial.cfg: ASCII text
Pour les images PNG, cette commande retourne notamment le nombre de pixels dans chaque direction
% file firefox.svg.png
firefox.svg.png: PNG image data, 2000 x 3135, 8-bit/color RGBA, non-interlaced
J'essayerai d'utiliser cette commande pour créer les champs Open Graph protocol de mes notes de blog.

Activer le plugin IPv6 dans AWStats

Tuesday Jul 28, 2020 15:46, last edition on Tuesday Jul 28, 2020 15:51

Dans AWStats, si à l’exécution de

/usr/lib/cgi-bin/awstats.pl -config=domain.tld -update
vous avez des retours sur l'impossibilité d'effectuer la résolution DNS inverse des IPv6, cela veut dire que le plugin IPv6 n'est pas activé. Ce plugin dépend de deux modules, Net::IP and Net::DNS. Sur Ubuntu, il est possible des les installer avec APT
% apt install libnet-ip-perl libnet-dns-perl
Pour activer le plugin avec Vim, vous devez ouvrir le fichier de configuration du virtual host /etc/awstats/awstats.domain.tld.conf et entrer la commande
La commande
/usr/lib/cgi-bin/awstats.pl -config=domain.tld -update
devrait normalement s’exécuter normalement.

Vim : Ajouter en fin de ligne et utiliser le texte yanked dans une commande

Tuesday Jul 28, 2020 12:02

Je vous présente deux petites astuces avec Vim.

Ajouter en fin de ligne

Pour ajouter en fin de ligne, il suffit de remplacer $, qui signifie fin de ligne, par ce que vous voulez ajouter. Je l'utilise pour écrire sur ce blog, par exemple pour ajouter des balises <br> lorsque je copie colle de longues sorties de terminal. Par exemple

Ajoutera a à la fin, $ de chaque ligne du fichier, %.

utiliser le texte yanked dans une commande

Lorsque l'on cherche à faire des substitution ou lorsque l'on veut chercher un élément assez long, il arrive fréquemment qu'il soit pratique de copier coller le texte depuis la zone de texte vers l'interface en ligne de commande. Pour réaliser cette action, il faut yank le texte, rentrer de commencer à écrire sa commande avec :, puis pour coller, put, il faut faire Ctrl+R puis ".


Wednesday Nov 08, 2017 00:54

I wrote a new piece of code to generate a RSS feed from a MySQL database. I named it MySQLiToRSS. It is a PHP file that generate a RSS 2.0 feed. It is licensed under GPLv3. It handles sorting by date, the use of HTML in the description of an item, which allow to render the article as it appears in the feed reader, excepted for the CSS sheets, and multitag articles. It is based on Version 2.0.11 of the RSS 2.0 specification, the most up to date at the time of writing this software. Some optional items are missing because I do not use them. I might add them later (some or all). I will be pleased to add optional items if requested.


Wednesday Nov 08, 2017 00:05

I'm proud to announce my first (free) software, SHA1BruteForce, that performs brute-force attack to crack SHA-1 hash.
Page of the project


After my 10yo Firefox session crashed, I lost a password stored in it. But, I managed to find the hash and it turns out to be a SHA-1 hash (software installed in 2009 on my server). I could change it, I guess, but I knew that SHA-1 is now considered as a weak encryption (although the first real collision is from February), so I challenged myself to recover it by writing a piece of code that do the job. It took me a bit more than a day to achieve a working code.
After, I began to optimized it and to have fundamental questioning about C++.

It is pretty simple and it seems to perform well. It takes about 4h to crack any 6 characters password on my computer. So I decided to publish it on my server, which was not as simple as I expected.
But I also have account in the main git platforms.
So I also published it on GitHub, GitLab and FramaGit, more know by the French.

It is licensed under GPL3.

It performs the tasks on the CPU only. GPU implementation does not seems possible at the time using only free software. Indeed, CUDA required the proprietary drivers and OpenCL does not seems to work properly with Nouveau (last version of the Linux kernel, i.e.4.13, on Ubuntu 16.04). But I want to use only free software (and I cannot install Nvidia drivers anyway, they do not work on my system).

It is not a revolutionary tools that intends to bit existing ones. I did it for myself and share it for anyone interested.

It is my first published code, so there are most likely some improvements to do on how to write the manual, how to write the code so it can be used by others, how I should comment it, and so on. The same goes for the code itself. Feel free to comment, share, submit commits, report bugs, etc.

Dr Clément Février

Bonjour, Je suis Clément Février, docteur en physique théorique de l’université de Grenoble Alpes, ingénieur Recherche et Développement dans le domaine de l’imagerie médicale et de la chirurgie mini-invasive chez Surgivisio et soutien du mouvement La France Insoumise.

Non, mais je rêve. La faille de sécurité Windows CVE-2021-40444 ne touche que le moteur de rendu d'Internet Explorer, pas celui de Edge. Donc, ça semblait cool sauf pour les très vieux Windows ? Sauf que Office utilise toujours le moteur de rendu d'Internet Explorer (oui, il y a un navigateur Web dans le tableur et dans le traitement de texte) et est donc vulnérable, et cette faille est exploitée (on ouvre le document vérolé et paf).