Sup all

so i finally decided to have a command run every time my terminal goes idle. after some searching, here is what i have come up with:
lock-after-time && lock-command

from the man pages:

lock-after-time number
        Lock the session (like the lock-session command) after number seconds of inactivity.  The default is not to lock (set to 0).
lock-command shell-command
        Command to run when locking each client.  The default is to run lock(1) with -np.

so in my .tmux.rc :

set -g lock-after-time 360
set -g lock-command "/usr/bin/asciiquarium"

asciiquarium is set to start after 6 minutes.


now that i am back in i have decided to post an updated screenshot of the status page for no real reason.

Click to enlarge


sup all

so i’ve been working with a fortiswitch 224d-poe at home for a while when the thing went bat shit on me. When i tried to access the admin console i realized that i had forgotten the password. Below are the steps i used for wiping switch back to factory default with latest (as of time of writing) firmware.

first things first, make sure that you have a properly pinned console cable :
click image to enlarge

then set up a tftp server. i used tftp-hpa in a non-daemonized mode since i only needed it for one time usage.

next restart the switch with console. i did this below:
sorry for the awful pics but it was 0400 in the morning when i did this
click image to enlarge

since the default and data2 partitions were formatted and saved as default, this caused the factory default settings to be enabled.

once this was done:
click image to enlarge

and voila. back to defaults and regained access to the switch.


hello all

just returned from hacker summer camp and have acquired a couple of new yubikeys specifically the four and the four nano and have been configuring them in my gentoo install just for login.

below are the steps to set this up in gentoo and pam for required authentication. this article assumes that you have already configured your yubikeys so i will not go through how to config them.

the first bunch of packages that we have to install :

[I] sys-auth/pam_u2f
     Available versions:  (~)1.0.4 {debug}
     Installed versions:  1.0.4(03:25:01 PM 08/10/2016)(-debug)
     Homepage:            https://github.com/Yubico/pam-u2f
     Description:         Library for authenticating against PAM with a Yubikey

[I] sys-auth/pam_yubico
     Available versions:  (~)2.17-r1 (~)2.19-r1 {ldap test}
     Installed versions:  2.19-r1(02:36:23 PM 08/10/2016)(-ldap -test)
     Homepage:            https://github.com/Yubico/yubico-pam
     Description:         Library for authenticating against PAM with a Yubikey

so the emerge line would be sudo emerge -av pam_u2f pam_yubico

once that is installed we are going to create /etc/pam.d/yubico with the contents of :
auth required pam_u2f.so cue interactive

and now we need to create the u2f_keys file under ${HOME}/.config/Yubico using the pamu2cfg utility:
sudo pamu2fcfg -u $(logname) >> ${HOME}/.config/Yubico/u2f_keys

double check this file if you are putting in more than one entry to ensure that each line is separate.

once this is done, we are going edit bot /etc/pam.d/login and /etc/pam.d/passwd and add to both the line:
auth include yubico

once everything is saved, lets test it by pressing alt + ctrl + f2 — this will open a new session without logging you out.

and bam. fully set up.


Sup all

I have been working on an easy way to enable my local laptop to have 2FA using the google authenticator and it turned out to be easier.

All these steps were done on Gentoo installs, but should translate easily to non-gentoo ditro’s

This is the google-authenticator module that we are installing:

% eix google-authenticator
[I] sys-auth/google-authenticator
     Available versions:  (~)1.01_pre20160307231538 **9999
     Installed versions:  1.01_pre20160307231538(02:41:56 PM 07/05/2016)
     Homepage:            https://github.com/google/google-authenticator
     Description:         PAM Module for two step verification via mobile platform

which we will install like so:
sudo emerge -av google-authenticator
this is the same as sudo apt-get install or sudo yum install

then we will run: google-authenticator as the regular user which should give you a screen similar to this:

Now, either copy that url into a browser to generate a qr code that will scan in the google authenticator app, or use the secret key and input that into your authenticator app. Don’t forget to save the temp codes that it gave you to somewhere safe in case you lose your authenticator device.

Once that is done, we are going to add the line:auth required pam_google_authenticator.so to /etc/pam.d/passwd, /etc/pam.d/login, and /etc/pam.d/sshd

[cbodden:/etc/pam.d] % egrep google *
login:auth         required     pam_google_authenticator.so
passwd:auth        required     pam_google_authenticator.so
sshd:auth       required     pam_google_authenticator.so

Depending in what order you place this new line in these files, you can ask for the verification code before or after your actual password.

Since i do not use a login manager, i would assume that you would also have to add that line to any files associated with your login manager under /etc/pam.d.

For ssh usage, we have to change ChallengeResponseAuthentication yes to uncommented and yes in /etc/sshd/sshd_config, then restart (/etc/init.d/sshd restart) sshd.

Now lets test. Press Alt+Ctrl+F2 (assuming you are using tty7 for your xwindows system), this should give you a login prompt. Test a login.

Good to go.


Whats up all,

Its been a while since i have posted but whatever.

Lately i have started to rewrite a chunk of the multiboot creator script located here.

One of the main things that i have rewritten is the OS selection section.

Here is what i wrote months ago.
As you can see, it is messy and just doesnt make sense. Plus, you have to go through every operating system to say either yes or no which, if more OS’s get added, is a giant time suck.

Here is the mostly rewritten selection handler

And here is a screen shot of the output it produces:
Click to enlarge

EDIT 2016-06-29:
Here is a gif view of the initial selection process:
Click to view

as you can see, its now a selectable list that is color coded according to whether the “OS_INSTALL” flag is either on or off in the shlib / os files.

i am happier with this than the previous method of cycling through to select.


I got very bored a couple of nights ago and decided i wanted to play some classic video games, so i dug out an old rpi and installed retropie along with all the atari, nes, snes, and sega mastersystem games i could find.

Here are some shots of this:

the hardware:
Click to enlarge.
the hardware you see there is the rpi, a mophie battery, and an hhkb pro keyboard. its the simple little things.

initial update:
Click to enlarge.

initial graphical bootup (no password and straight to playable menu):
Click to enlarge.

and fully running in ssh:
Click to enlarge.

all of this works without many issues using some old wired xbox360 sticks.


Test was of my fios connection over wifi to my phone.


’nuff said.


Needed to transfer about 450gb to one of my servers:


status_rrd_graph_img (1)

status_rrd_graph_img (2)

Ugh. So tite.


Hey everyone

After much irc battle and getting shut up by this person a couple of times, i have asked my friend ch3ll to start contributing to this site.

She is bad ass and knowledgable.

give her a warm welcome.