All posts by alter

os x: split and concat video files

brew install mp4box

splitting

splitting can be done timewise, sizewise (eg split every 700MB). parts of a MP4 can be extracted timewise (eg from sec 10 — 60)...

of course splitting video will be done at keyframes automatically. to avoid too much hassle with keyframes the splitting option will only work on mp4 files which have only 1 video stream!

the flags for splitting are:
-split seconds
-splits size (in kb)
-splitx Starttime:Endtime (in seconds)

eg if you want to split a 1400mb MP4 file into two parts of 700mb each you can use the following command line:
Code:

mp4box -splits 716800 input.mp4

concatenating
(or appending) can be done on all files which are similar (eg same resolution, same audio/video format...), framerate shouldn't matter (as MP4 supports variable framerate)

the flag for concatenating is:
-cat
it works in a similar way as «-add», which means you can even -cat two .avi or .mpg files into one MP4 file in one commandline

eg for concatenating two files you can use:
Code:

mp4box -cat file1.mp4 -cat file2.mp4 output.mp4

both cat and split should work with all streams supported in MP4Box, like ASP, AVC, AAC, MPEG-1/2 Audio and Video (eg MP3), TTXT and even on Vobsubs and ALAC (Apple's lossless audio codec used in iTunes) and the chapters should be edited too

OS X: nvram options

How to disable options:
sudo nvram -d

Commands:
sudo nvram SystemAudioVolume=%80
This command will disable startup (power on) sound

Next part of article from https://www.cnet.com/news/boot-argument-options-in-os-x/
When you boot a Mac system you have the option to supply keyboard commands at startup to boot the system to alternate environments. For instance, a common option is to hold the Shift key to boot to Safe Mode, but you can also hold Command-V for verbose mode (a text output of items as they load), or Command-S for Single User mode, which drops you to the command line as the «root» user so you can perform troubleshooting tasks.

In addition to keyboard commands at startup, you can use the «nvram» terminal command to set a number of different boot options, which might be useful when troubleshooting your Mac. Apple's machines have a number of hidden boot options that you can use, though do keep in mind that most of these are for troubleshooting purposes and will only be useful to programmers.

sudo nvram boot-args="-v"
This command will set the system to always boot to Verbose mode, so you do not have to hold Command-V at startup.

sudo nvram boot-args="-x"
This command will have the system always boot into Safe Mode.

sudo nvram boot-args="-s"
This command will boot the system into Single User mode without needing to hold Command-S at startup.

sudo nvram boot-args="iog=0x0"
This reverses the «Clamshell» mode for Apple's laptop systems, where when you close the display but connect the system to an external monitor and keyboard the system will stay awake. After running this command, when connecting an external monitor, the internal display will be disabled, which can be beneficial in some situations such as those where you are mirroring your desktop but wish to run the external display at a higher resolution than your laptop can run.

sudo nvram boot-args="debug=0x144"
This is a combination of kernel debugging features that will show you extra information about the kernel's processes, which can be exceptionally useful if a system is experiencing kernel panics. Another option is to use debug=0x14e, which will display even more logging options. The primary use for this is that it enables old-style kernel panics that show scrolled text on the screen about why the system panicked, instead of displaying the gray backdrop and the message to merely restart your system. Alternative debug options are the following, though these will likely only be useful to kernel programmers:

0x01 - Stop at boot time and wait for the debugger to attach
0x02 - Send kernel debugging output to the console
0x04 - Drop into debugger on a nonmaskable interrupt
0x08 - Send kernel debugging information to a serial port
0x10 - Make ddb the default debugger
0x20 - Output diagnostics information to the system log
0x40 - Allow the debugger to ARP and route
0x80 - Support old versions of gdb on newer systems
0x100 - Disable the graphical panic dialog screen

sudo nvram boot-args="arch=x86_64"
On Snow Leopard system, even though a 64-bit kernel is available, the system boots to the 32-bit one by default. This command will change this so the system always boots to the 64-bit kernel. To change systems to always boot to a 32-bit kernel, replace the «x86_64» section of the command with «i386.» In some instances, third-party kernel extensions might be 32-bit or 64-bit only, which will require booting to the respective kernel type in order to load.

sudo nvram boot-args="maxmem=32"

Limits the addressable memory to the specified amount, which in this case is 32GB. This is another one of those that is likely only useful to programmers. Without it, the system sets the memory limit to either the maximum that the hardware can address, or to the amount that is installed.

sudo nvram boot-args="cpus=1"
Limits the number of active processors in the system to the set level. Apple's developer tools have an option to enable or disable some of the CPUs on the system, but you can do this manually by running this command and specifying the number of CPU cores to use. In some cases, such as with laptop systems, this might help preserve power, though is likely not useful for much else unless you are testing and programming.
With these options you can set them individually by running the above commands one at a time, or you can combine them if needed. For instance, to set the system to boot into Safe Mode and verbosely show items as they load during startup, you can either run both of the commands listed above to do this, or you can simply combine them into the following command:

sudo nvram boot-args="-x -v"

To disable these features and have the system boot normally without any extra options, you can erase them from the nvram by either resetting it or, more specifically, by running either of the following commands in the Terminal (these will reset the boot arguments instead of resetting all the nvram variables):

sudo nvram boot-args=""
sudo nvram -d boot-args

PS: Detailed article https://osxeon.wordpress.com/2015/08/10/boot-argument-options-in-os-x/

How to install/change SSL/TLS certificate

How to add new SSL/TLS certificate

If you need to set up HTTPS, you will need a new SSL/TLS certificate:
1. Gather the following information, which is needed for the certificate signing request (CSR):

    Country Name (2 letter code)
    State or Province Name (full name)
    Locality Name (eg, city)
    Organization Name (eg, company)
    Organizational Unit Name (eg, section)
    Common Name (e.g. server FQDN or YOUR name)
    Email Address

You can get the FQDN from your serving hostname/domain.

2. Generate a private key and certificate request:

openssl req -out cert.csr -new -newkey rsa:2048 -nodes -keyout cert.key

3. Buy a certificate using the generated CSR.
4. Add the certificate to expiration monitoring (if you have monitoring).
5. Install it on your server.

How to install/change SSL/TLS certificate

1. If you received a .pfx file, use the following command to decode it:

openssl pkcs12 -in domain.pfx -out certificate -nodes

This writes both the private key (unencrypted, because of -nodes) and the certificate into the file named certificate.
2. You should get about 4 files:

    domain-name.crt — X.509 certificate file
    domain-name.csr — X.509 certificate request file
    intermediate.crt — X.509 certificate file of intermediate (proxy) level
    domain-name.key — RSA private key file for certificate

3. Check that the files are compatible:

openssl rsa -noout -modulus -in cert.key
openssl req -noout -modulus -in cert.csr
openssl x509 -noout -modulus -in cert.crt

All files should have the same modulus.
4. Check dates for new certificate:

openssl x509 -noout -dates -in cert.crt

5. Check that domain and intermediate certificate are compatible:

openssl verify -CAfile intermediate.crt domain-name.crt
domain-name.crt: OK

If you have several intermediate certificates, put them into one intermediate.crt file.
6. Create chain certificate file:

cat domain-name.crt intermediate.crt > cert.crt

Remember that the first certificate should be the one for the desired domain, and the intermediate goes after it.
7. Put cert.crt and cert.key into the server's ssl folder.
8. Restart the web server.
9. Check that the certificate was updated successfully:

openssl s_client -connect domain.name:443 2>/dev/null < /dev/null | openssl x509 -noout -dates
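
The checks from steps 3 to 5, scripted as an added example (not code from the original post): it compares the modulus of key, CSR and certificate, rejects a certificate that expires within an assumed 30 days, and verifies the chain. The names modulus_hash, check_cert_set and make_demo are hypothetical, and the demo runs on constructed throwaway files with a self-signed test CA standing in for intermediate.crt.

```shell
#!/bin/sh
# Added example: scripted version of the key/CSR/certificate checks above.

# SHA-256 of the RSA modulus; $1 = rsa|req|x509, $2 = file. Fails on unreadable input.
modulus_hash() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1
    printf '%s' "$m" | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = key, $2 = CSR, $3 = certificate, $4 = intermediate (CA) file
check_cert_set() {
    k=$(modulus_hash rsa "$1")  || { echo "cannot read key $1"; return 2; }
    r=$(modulus_hash req "$2")  || { echo "cannot read CSR $2"; return 2; }
    c=$(modulus_hash x509 "$3") || { echo "cannot read certificate $3"; return 2; }
    if [ "$k" != "$r" ] || [ "$k" != "$c" ]; then
        echo "modulus mismatch"; return 3
    fi
    # Assumed policy: reject certificates that expire within 30 days (2592000 s).
    openssl x509 -noout -checkend 2592000 -in "$3" >/dev/null ||
        { echo "expires within 30 days"; return 4; }
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 ||
        { echo "chain does not verify"; return 5; }
    echo "OK"
}

# Constructed test data: a throwaway self-signed CA stands in for intermediate.crt.
make_demo() { # $1 = empty directory to fill
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/intermediate.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$1/cert.key" -out "$1/cert.csr" 2>/dev/null
    openssl x509 -req -days 90 -in "$1/cert.csr" -CA "$1/intermediate.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/domain-name.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null   # unrelated key
}

demo=$(mktemp -d)
make_demo "$demo"
check_cert_set "$demo/cert.key" "$demo/cert.csr" "$demo/domain-name.crt" "$demo/intermediate.crt"
check_cert_set "$demo/other.key" "$demo/cert.csr" "$demo/domain-name.crt" "$demo/intermediate.crt" || true
rm -rf "$demo"
```

Comparing a hash of the modulus avoids eyeballing three long hex strings, and the empty-output check keeps two unreadable files from being reported as a match.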

Checking for missing intermediate certificate

If your browser says that the site is untrusted and you get the following error:

openssl s_client -connect display.intencysrv.com:443 -showcerts
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=21:unable to verify the first certificate
verify return:1
<...>

then you are probably missing the intermediate certificate. Find it in Google, check that it is compatible and install it (see steps 4-5 above). You can check remotely that the downloaded intermediate certificate is compatible:

openssl s_client -connect domain.name:443 -CAfile ca.crt

Remember,
Apache supports bundled certificates starting from 2.4.8. If you are using an Apache version prior to this, you might get a message about a missing intermediate certificate.

useful functions for .bashrc/.zshrc

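ssh domain.name will open a tmux terminal on the remote side or reconnect to the old one.
It also reconnects when there is an issue with the connection.

function ssh () {
    if [ $# -eq 1 ]; then
        # single argument (host): autossh is required for the reconnecting tmux session
        if ! command -v autossh &> /dev/null; then
            echo "Install autossh" >&2
            return 1
        fi
        # autossh connection poll interval, in seconds
        AUTOSSH_POLL=20
        export AUTOSSH_POLL
        # attach to the "alter" tmux session or create it
        autossh -M 0 "$@" -t "tmux attach -t alter || tmux new -s alter"
    elif [ $# -gt 1 ]; then
        # several arguments: plain ssh; -A forwards the SSH agent to the remote host
        /usr/bin/ssh -A "$@"
    else
        /usr/bin/ssh -h
    fi
}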

Send your message to a pastebin service:
$ echo 'test1' | pb
https://pb.idone.su/view/8f60b2b5
$ curl https://pb.idone.su/view/raw/8f60b2b5
test1

$ pb "test2"
https://pb.idone.su/view/32974896
$ curl https://pb.idone.su/view/raw/32974896
test2

function pb(){
    if [ -n "$1" ]; then
        # text given as the first argument
        echo "$1" | curl -d expire=1440 -d private=1 --data-urlencode text@- https://pb.idone.su/index.php/api/create
    else
        # no argument: read the text from stdin
        stdin="$(cat)"
        echo "$stdin" | curl -d expire=1440 -d private=1 --data-urlencode text@- https://pb.idone.su/index.php/api/create
    fi
}

Security: mongodb

If you don't have auth enabled on mongo servers that are reachable from your whole network, an attacker could:
- use system commands like ls(), cat(), removeFile(), fuzzFile()
- use the load() command, which loads a JavaScript script
- enable auth on your instances, so you lose control
- detect whether it's a Windows or Linux host with _isWindows()
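
A configuration check for the situation described above, as an added example (not part of the original post): it flags a mongod.conf that listens beyond localhost while authorization is not enabled. The function name audit_mongod_conf and the sample configs are constructed for illustration; the check assumes plain unquoted YAML and treats a missing bindIp as localhost-only.

```shell
#!/bin/sh
# Added example: flag a mongod.conf that combines "no auth" with a network listener.
# Assumes plain YAML (unquoted values, bindIp written as one comma-separated value)
# and treats a missing bindIp as localhost-only.
audit_mongod_conf() { # $1 = path to mongod.conf; returns 1 when exposed
    awk '
        /^[A-Za-z]/ { section = $1 }        # top-level key, e.g. "net:"
        section == "security:" && $1 == "authorization:" { auth = $2 }
        section == "net:" && $1 == "bindIp:" { bind = $2 }
        section == "net:" && $1 == "bindIpAll:" && $2 == "true" { bind = "0.0.0.0" }
        END {
            exposed = (bind != "" && bind != "127.0.0.1" && bind != "localhost")
            if (exposed && auth != "enabled") {
                print "RISK: listening on " bind " without authorization"
                exit 1
            }
            print "ok"
        }' "$1"
}

# Constructed sample configs (not from a real host).
sample_open() { printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n'; }
sample_hardened() {
    printf 'net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.0.5\n'
    printf 'security:\n  authorization: enabled\n'
}

for s in sample_open sample_hardened; do
    f=$(mktemp); "$s" > "$f"
    audit_mongod_conf "$f" || true
    rm -f "$f"
done
```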

Puppet: apt-get update before Package installation

Obvious way:

package { 'pssh':
    ensure  => 'present',
    require => Exec['apt-get update'],
}

But if you have several package definitions with Exec in each of them — apt-get update will be executed several times.

I found a better way:

exec { 'apt-update':
    command => '/usr/bin/apt-get update',
}
Exec['apt-update'] -> Package <| |>

It'll execute apt-get update one time before Packages.