i see packets...

While studying for the GCIA certification, I put together the following reference to be able to eyeball packets and see at a glance what's inside a hex packet dump.

Read more

complex event processing to detect click fraud

Here's another use-case for CEP: Detecting uniqueness over time. A use-case for this type of pattern is identifying click fraud.

Once more, to see how to get everything up and running, see my previous posts.

In our fictitious scenario, we're going to assume we want to take a stream of incoming data and output only the records that are unique on a chosen subset of fields over a 24 hour period.

Read more

complex event processing for fun and profit

As an exercise to keep my mind nimble, here's a write-up on how to use the power of computers to take over the world by out-foxing those slow moving meatbags who do stock trading and compete with skynet on making the most possible profit.

The pieces of this puzzle are:

  • A messaging backbone (we'll use AMQP with the RabbitMQ broker)
  • A complex event processing engine (Esper)
  • A way to express our greed (EPL statements)
  • A software that ties this all together called new-hope (partially written by yours truly)
  • A feed of stock prices
  • An app to view the actions we must take.

Let's get everything installed.

On centos with the EPEL repo available:

Read more

creating forensic images

Often reading big disks is a time consuming endeavor. To minimize the number of times you need to read the data, here's a tip for reading the image using dd, compressing it, and checksumming it, all in a single pass:

dd if=/dev/sda | pv | tee >( md5sum > box.dd.md5 ) | \
  tee >( sha1 > box.dd.sha1 ) | tee box.dd | gzip | \
  tee box.dd.gz | tee >( md5sum >box.dd.gz.md5 ) | \
  sha1 >box.

Read more

compressing mysql binary logs

Under normal circumstances, master servers in a replication setup can be configured to automatically rotate binary logs using the expire_logs_days my.cnf configuration setting.

However, when it is known that the slaves are in sync, it can be beneficial to proactively reduce the on-disk size of the older binary logs using compression. This is especially useful in high-churn environments where binary logs grow quickly.

Grab the script:

git clone git://github.com/marksteele/mysql-dba-tools.git

Read more

splenda candied walnuts

Ingredients:
  • Enough walnuts to cover your baking sheet, let's say 2 cups.
  • About 3 cups of granulated Splenda
  • Just enough allspice
  • A good splash of vanilla extract
  • 1 egg white
  • Enough salt to make it salty (1/4 teaspoon maybe?)
  • 2 tbsp melted butter

Beat the egg until it's thoroughly beat, and no longer offers resistance. Throw in everything else, mix it around. Line your baking sheet with foil, spray with pam.

Read more

building secure linux systems

In this post, I'm going to be documenting the process that I'm working on to build secure Linux systems.

What I'd like to have when I'm done:
- SELinux is on and enforcing
- Is certifiable against a set of reasonable standards
- Can be deployed in an automated fashion
- Supports remediation when drift from a known-good state is found

Phew, that's quite the laundry list. But it forms the basis of a good security architecture. Thankfully, there's lots of help to be had in putting these things together.

Read more

port scanning without a port scanner

Booya. For older bash versions:

for i in $(seq 1 1 1024); do echo > /dev/tcp/10.10.10.10/$i; [ $? == 0 ] && echo $i >>/tmp/open.txt; done

Same thing, newer bash versions:

for i in {1..1024}; do echo > /dev/tcp/10.10.10.10/$i; [ $? == 0 ] && echo $i >>/tmp/open.txt; done

Read more