ceph

วันนี้ ceph เดี้ยง

สืบพบว่ามาจาก monitor node 2 ใน 3 ตัว ..  ทั้งสองตัว เป็น VM connect ได้ daemon running  แต่ disk ของตัว host เป็น read-only .. พอ monitor พยายามบันทึกข้อมูลลง disk ไม่ได้มันก็ค้าง พอ monitor ค้าง ceph cluster ทั้งก้อนหยุดทำงาน

ได้ใช้ท่า troubleshooting: stop monitor / dump monmap / ลบ monitor node ที่ใช้งานไม่ได้ออกไปจาก monmap / inject monmap ตัวใหม่เข้า monitor node ที่ใช้งานได้

restart monitor

คืนชีพ (^^)v

Password authentication must die .. soon.

Password authentication depends on user input. To make it safe, one of the requirement is that you need to do it safely and quickly enough and hope that nobody could catch what you type on the keyboard.

Nowadays, we can’t hope such.

With naked eyes, we can simply read gestures, types, presses most of people do when they unlock their phone. With cameras, you can replay – in slow motion.

This is not new at all. Though, nowadays, cameras are everywhere, videos are publicly available, big data, machine learning, if you put them together, you can extract a person’s password from such sources.

Many IT vendors already knew this for years. That’s why they started pushing biometrics like fingerprint scans, face recognition in their products, and encourage their users to use it – at least, as one factor of their authentication methods.

IMHO, the password authentication should completely be eliminated. We should not even use it as a factor in authentication ecosystem – it must die.

Let me hope it will – soon.

BTW, researches on replacing password authentication are very welcome. :)

Using docker-machine to deploy multi-manager docker swarm

Of course, HA is a must in production environment. So, you gonna need multi-manager docker swarm. It is super easy when you know how.

First, you cannot use token, you need a discovery service (consul, etcd, zookeeper). So, create one if you don’t have, e.g.

$ docker-machine create -d virtualbox consul
$ docker-machine ssh consul
docker@consul:~$ docker run -d --name consul \
  --net host gliderlabs/consul-server \
  -advertise 192.168.0.100 \
  -bootstrap-expect 1

Next,  create multiple swarm managers (we have obsoleted the term swarm master, though.)

$ docker-machine create -d virtualbox --swarm \
  --swarm-master \
  --swarm-opt replication \
  --swarm-discovery consul://192.168.0.100:8500 \
  --engine-opt cluster-store=consul://192.168.0.100:8500 \
  manager-0 
$ docker-machine create -d virtualbox --swarm \
  --swarm-master \
  --swarm-opt replication \
  --swarm-discovery consul://192.168.0.100:8500 \
  --engine-opt cluster-store=consul://192.168.0.100:8500 \
  manager-1

Note that you need –swarm-master and –swarm-opt replication to make this works. Now, you have it. You can either

$ eval $(docker-machine env --swarm manager-0)

or

$ eval $(docker-machine env --swarm manager-1)

Check the “role” line, one will be the primary, the others will be replicas.

Normally, you would want to set docker environment to the primary. Somehow, if the primary has failed, one of the replicas will takeover and you can set the environment to the replica to control your swarm cluster. You can later recover the failed manager, or create a new manager.

Easy, right ? ;)

สงกรานต์ 2559

สงกรานต์ปี 2559 เป็นปี จ.ศ. (2559 – 1181) = 1378

วันเถลิงศก ตรงกับ

(1378 * 0.25875)
 + floor(1378 / 100 + 0.38)
 - floor(1378 / 4 + 0.5)
 - floor(1378 / 400 + 0.595)
 - 5.53375
 = 356.5575 + 14 - 345 - 4 - 5.53375
 = 16.02375

= วันที่ 16 เมษายน 2559 เวลา 00:34:12

วันสงกรานต์ ตรงกับ

16.02375 - 2.165 = 13.85875

= วันที่ 13 เมษายน 2559 เวลา 20:36:36

AlphaGo and the future of AI.

The Go match between AI and pro is very interesting. I’m a fan of igo/weiqi/baduk. I used to play constantly, and was rated SDK (single-digit kyu). Also, as a computer scientist, Go is the only board game that the best human can defeat the best AI.

Well, not anymore.

AlphaGo, with deep/machine learning, was well-trained, and beat one of the world’s best professional, Lee Sedol 4-1 (game records [1] [2] [3] [4] [5]).

With the advancements of methods, algorithms, and abundant resources of Google/Alphabet, I would not surprise much about the result. What surprised me was that it came much earlier than I expected.

With such advances in AI, many people start discussing about AI/robots will take over the planet – like Terminator’s SkyNet, or the Matrix. I think we, humanity, should must be very careful about using AI. We all should must know that, in the end, human cannot be superior the AI.

Biologically, we just can’t.

Many scientists knew that. For decades, groups of researchers tried to come up with the ultimate laws to control AI to ensure the public safety; something like Asimov’s Three Law of Robotics in the real world. There are many recent papers published in the area called “Ethics of Artificial Intelligence“.  Having ethics / laws is great, I totally agree with that. But, then again, just like any laws humanity came up with – religions, rules, laws, ethics, orders, you name it – the problem is the control.

Controls, including ones that will apply over AI, depend on human. But, humans are radical. They are uncontrollable. I’m pretty confident that, even with the ultimate laws of robotics, ones will build AI without the laws embedded.

The threat against humanity is, unfortunately, not the AI, but humans themselves.

Graylog Extractor for Fortigate Firewall

I’ve been using Graylog in production for awhile. It’s a great log analysis tool, backed by elasticsearch. Conceptually, graylog is pretty much like splunk. I consolidate approximately 170-200 million log messages to graylog everyday. So, I need to optimize them well enough.

Few days ago, I started to use Fortigate extractors from a git repo. It uses regex, and it is very slow. So I (have to) write my own extractors. I write Grok pattern, and keep rewriting until I could cover all messages I need to extract. Then, I started to optimize the pattern. The result is quite good though. I could reduce extractor time from more than 100,000 usec to about 100 usec.

extractor

Yes, that’s approximately 1000x times faster. It’s definitely not perfect though, but it works for me. If you think it might be good for you, you can download my Fortigate content pack here.

Enjoy :)

dnsmasq

dnsmasq is the default DNS resolver if you use NetworkManager. It runs pretty well most of the time. When it doesn’t, you would not be able to access the Internet if you need to resolve names.

I’m not a fan of dnsmasq, and if you – like me – want to disable it, just edit

/etc/NetworkManager/NetworkManager.conf

and remove/comment

dns=dnsmasq

Restart NetworkManager, it will use traditional faithful method of /etc/resolv.conf.

Quick install graylog on Ubuntu

Yes, yes, I know. There is the official document to guide you, e.g. http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html

BUT, RTFM ! You need to install Java, MongoDB, elasticsearch config, and ensure they run well BEFORE you can run Graylog. That would need skills and time to do it right.

For those Ubuntu people, there is another way. Graylog officially (and constantly) releases a single deb package to update the OVA version. This package includes everything you need to run Graylog, so you can use it to deploy Graylog.

You can simply download the package at https://packages.graylog2.org/omnibus, dpkg -i to install, graylog-ctl to configure and run.

DONE.