Quick File Encryption from the CLI Linux

If you have openssl installed, you have all you need to encrypt files. For instance, suppose you want to store some credentials in git, but you don’t want just throw your business all over the place. You could do this:

openssl aes-256-cbc -salt -in -out

when you want to decrypt the file later, do:

openssl aes-256-cbc -d -salt -in -out

there you go, TrueCrypt replacement at your finger tips

Memory Blues on OS X 10.10 Mavericks

So, I have an older MacBook Air, a late 2010 to be precise. Currently, it’s my full time workstation. I love that I can just toss it in my bag and have close to all day computing with me. But, this little guy has 4 precious gigabytes of RAM that are constantly under attack. I received a pro tip from Rebeeca Shen (linkedin) the other day about about clearing file / app cache and I’d like to share this one liner with you:

sudo purge

And vula! You’re system’s memory should look more healthy, and you should notice an up tick in performance. The man page is pretty slim on what’s happening under the hood, but I suspect (warning full speculation here) that OS X makes a RAM disk that it then saves files you’ve worked on recently, and browser cache, etc and attempts to make the machine quicker by having these resources in RAM. Well, it ain’t helping with 4GB of RAM. I’ve saved this as a cronjob to run every 30mins and so far I haven’t had any swap usage. Obvious side effects may include slower application start times, and file retrieval, so you may want to tune the cronjob to your liking.


EDIT: Rebecca dropped some more knowledge on me, if you’re dealing with WindowServer and/or kernel_task sucking the life out of your CPU and/or RAM try these steps.



Java keystore with existing keys

I’m tired of looking this up, so I’m posting it here:

lifted from: http://stackoverflow.com/questions/17695297/importing-the-private-key-public-certificate-pair-in-the-java-keystore

# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12

# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert

keytool -list -v -keystore mykeystore.jks

sshuttle a faster way to stunnel

So this post is dedicated to VMware. Vmware, thank you for being so expensive that I’ve decided (against my morals and previous rants) to install Ubuntu MaaS on my lap stack because I refuse to pay your inflated cost for licensing. Have a nice day!


SO, in actuality, this post should be dedicated to Ubuntu, which makes me cringe and shiver because of this, and this and that. While researching MaaS and JuJu, both cloud tools offered from Canonical, ‘the company behind Ubuntu’ (every time I see that slogan I recall ‘my the odds ever be in your favor’ ugh). I’ll give Canonical this, those tools sets are pretty rad. But, this adventure to replace ESXi has lead me here. Sstunnel. Here’s the skinny: data over TCP instead of TCP over TCP. For you non Network wizkids (I’m no wizkid but know enough to be dangerous , TCP is a packet streaming service for lack of better explanation. Basically it incurs a lot of loss, and isn’t well suited for some task (ie mobile data connections) but all the other particulars about it are really awesome (stateful, resends, etc). Sshuttle resolves this by building the tcp stream on the sending side, and just shipping the data over, and having the receiving side unpack the data into a TCP stream.

The doc in github does a better job explaining this. But, this may be a solution to not being able to have edge to edge routing in AWS for me with VPN tunnels instead.


More to come…

Just incase the Canonical sharks are lurking:

Disclaimer: In case you are either 1) a complete idiot; or 2) a lawyer; or 3) both, please be aware that this site is not affiliated with or approved by Canonical Limited. This site criticizes Canonical for sucking, ruining FOSS, and teaming with companies that want to see FOSS die. So, obviously, the site is not approved by Canonical. And our use of the trademarked term Ubuntu is plainly descriptive — it helps the public find this site and understand its message. VMware lawyers, just replace VMware for Canonical. And thanks for not being as evil overtly evil  as Canonical.

OpenSSH pubkey gen

Found something pretty awesome today:

ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub

From the ‘man ssh-keygen’

 -y      This option will read a private OpenSSH format file and print an
         OpenSSH public key to stdout.

This will let you output the public key from a private key in the ANS1 format that OpenSSH uses.