sup all

so i’ve been working with a fortiswitch 224d-poe at home for a while when the thing went bat shit on me. When i tried to access the admin console i realized that i had forgotten the password. Below are the steps i used for wiping switch back to factory default with latest (as of time of writing) firmware.

first things first, make sure that you have a properly pinned console cable :
click image to enlarge

then set up a tftp server. i used tftp-hpa in a non-daemonized mode since i only needed it for one time usage.

next restart the switch with console. i did this below:
sorry for the awful pics but it was 0400 in the morning when i did this
click image to enlarge

since the default and data2 partitions were formatted and saved as default, this caused the factory default settings to be enabled.

once this was done:
click image to enlarge

and voila. back to defaults and regained access to the switch.


hello all

just returned from hacker summer camp and have acquired a couple of new yubikeys specifically the four and the four nano and have been configuring them in my gentoo install just for login.

below are the steps to set this up in gentoo and pam for required authentication. this article assumes that you have already configured your yubikeys so i will not go through how to config them.

the first bunch of packages that we have to install :

[I] sys-auth/pam_u2f
     Available versions:  (~)1.0.4 {debug}
     Installed versions:  1.0.4(03:25:01 PM 08/10/2016)(-debug)
     Homepage:            https://github.com/Yubico/pam-u2f
     Description:         Library for authenticating against PAM with a Yubikey

[I] sys-auth/pam_yubico
     Available versions:  (~)2.17-r1 (~)2.19-r1 {ldap test}
     Installed versions:  2.19-r1(02:36:23 PM 08/10/2016)(-ldap -test)
     Homepage:            https://github.com/Yubico/yubico-pam
     Description:         Library for authenticating against PAM with a Yubikey

so the emerge line would be sudo emerge -av pam_u2f pam_yubico

once that is installed we are going to create /etc/pam.d/yubico with the contents of :
auth required pam_u2f.so cue interactive

and now we need to create the u2f_keys file under ${HOME}/.config/Yubico using the pamu2cfg utility:
sudo pamu2fcfg -u $(logname) >> ${HOME}/.config/Yubico/u2f_keys

double check this file if you are putting in more than one entry to ensure that each line is separate.

once this is done, we are going edit bot /etc/pam.d/login and /etc/pam.d/passwd and add to both the line:
auth include yubico

once everything is saved, lets test it by pressing alt + ctrl + f2 — this will open a new session without logging you out.

and bam. fully set up.


Sup all

I have been working on an easy way to enable my local laptop to have 2FA using the google authenticator and it turned out to be easier.

All these steps were done on Gentoo installs, but should translate easily to non-gentoo ditro’s

This is the google-authenticator module that we are installing:

% eix google-authenticator
[I] sys-auth/google-authenticator
     Available versions:  (~)1.01_pre20160307231538 **9999
     Installed versions:  1.01_pre20160307231538(02:41:56 PM 07/05/2016)
     Homepage:            https://github.com/google/google-authenticator
     Description:         PAM Module for two step verification via mobile platform

which we will install like so:
sudo emerge -av google-authenticator
this is the same as sudo apt-get install or sudo yum install

then we will run: google-authenticator as the regular user which should give you a screen similar to this:

Now, either copy that url into a browser to generate a qr code that will scan in the google authenticator app, or use the secret key and input that into your authenticator app. Don’t forget to save the temp codes that it gave you to somewhere safe in case you lose your authenticator device.

Once that is done, we are going to add the line:auth required pam_google_authenticator.so to /etc/pam.d/passwd, /etc/pam.d/login, and /etc/pam.d/sshd

[cbodden:/etc/pam.d] % egrep google *
login:auth         required     pam_google_authenticator.so
passwd:auth        required     pam_google_authenticator.so
sshd:auth       required     pam_google_authenticator.so

Depending in what order you place this new line in these files, you can ask for the verification code before or after your actual password.

Since i do not use a login manager, i would assume that you would also have to add that line to any files associated with your login manager under /etc/pam.d.

For ssh usage, we have to change ChallengeResponseAuthentication yes to uncommented and yes in /etc/sshd/sshd_config, then restart (/etc/init.d/sshd restart) sshd.

Now lets test. Press Alt+Ctrl+F2 (assuming you are using tty7 for your xwindows system), this should give you a login prompt. Test a login.

Good to go.


Whats up all,

Its been a while since i have posted but whatever.

Lately i have started to rewrite a chunk of the multiboot creator script located here.

One of the main things that i have rewritten is the OS selection section.

Here is what i wrote months ago.
As you can see, it is messy and just doesnt make sense. Plus, you have to go through every operating system to say either yes or no which, if more OS’s get added, is a giant time suck.

Here is the mostly rewritten selection handler

And here is a screen shot of the output it produces:
Click to enlarge

EDIT 2016-06-29:
Here is a gif view of the initial selection process:
Click to view

as you can see, its now a selectable list that is color coded according to whether the “OS_INSTALL” flag is either on or off in the shlib / os files.

i am happier with this than the previous method of cycling through to select.


I got very bored a couple of nights ago and decided i wanted to play some classic video games, so i dug out an old rpi and installed retropie along with all the atari, nes, snes, and sega mastersystem games i could find.

Here are some shots of this:

the hardware:
Click to enlarge.
the hardware you see there is the rpi, a mophie battery, and an hhkb pro keyboard. its the simple little things.

initial update:
Click to enlarge.

initial graphical bootup (no password and straight to playable menu):
Click to enlarge.

and fully running in ssh:
Click to enlarge.

all of this works without many issues using some old wired xbox360 sticks.


Test was of my fios connection over wifi to my phone.


’nuff said.


Needed to transfer about 450gb to one of my servers:


status_rrd_graph_img (1)

status_rrd_graph_img (2)

Ugh. So tite.


Hey everyone

After much irc battle and getting shut up by this person a couple of times, i have asked my friend ch3ll to start contributing to this site.

She is bad ass and knowledgable.

give her a warm welcome.


sup people

i wanted to write a quick article on why i love folds in vim especially in config files.

vim folding gives you the ability to temporarily hide parts of files while leaving only certain lines visible. this helps a ton when you are elbow deep in the muck that are certain files.

i will show you an example of unfolded config files then an example of it cleaned up with folds and also offer some explanations.

Unfolded tmux config:
Screen Shot 2016-01-27 at 13.59.21
Click to enlarge
As you can see above, its not bad but its just a ton of stuff that would require a bit of back and forth with searching and not really knowing where things are.
Here is the original .tmux.conf before cleaning up a bit in github.

Here is the folded tmux config:
Screen Shot 2016-01-27 at 14.02.54
Click to enlarge
Now what you see are defined sections that are a bunch easier to get back and forth on and its also hiding the cruft.
Here is the updated .tmux.conf after clean up.

Some the the folding magic is done here:

## Modeline and Notes {
# vim: set foldmarker={,} foldlevel=0 spell:
# }

The key bit being foldmarker which states that the folds occurs in the brackets. But since in this config file the brackets would make the conf file fail, i put the brackets after hash marks to comment them out.

pretty straight forward.

Then controlling the folds with Vim folding commands:

zf#j creates a fold from the cursor down # lines.
zf/string creates a fold from the cursor to string .
zj moves the cursor to the next fold.
zk moves the cursor to the previous fold.
zo opens a fold at the cursor.
zO opens all folds at the cursor.
zm increases the foldlevel by one.
zM closes all open folds.
zr decreases the foldlevel by one.
zR decreases the foldlevel to zero -- all folds will be open.
zd deletes the fold at the cursor.
zE deletes all folds.
[z move to start of open fold.
]z move to end of open fold.

this was taken from here

again, pretty straight forward.


since i had to rebuild some stuff on my laptop, i wanted to see how long it took to get to the login prompt and since i dont use a login manager i have to specifically run :

pybootchartgui --crop-after=login


Click to enlarge:

What bootchart doesn.t show you is that its actually 12 seconds until i have the login prompt.