Mitigating GHOST with Salt

Using SaltStack to recover from CVE-2015–0235 (Qualys Security Advisory, GHOST: glibc gethostbyname buffer overflow) Most of us sysadmin types were pounded with this announcement this morning. The GHOST vulnerability is worth patching against—most Linux distros have already released patches—but it’s useful to know if your machines are vulnerable, or if after patching, the patch was successful. The canonical way to test for the vulnerability is with a short C program:

@ [C. R. Oldham]

5 min read
Jan 27, 2015
Mitigating GHOST with Salt

LXC on OpenSUSE Tumbleweed

Author’s Note, 2018-09-28: This article is quite outdated. Docker and LXC have both matured significantly since I wrote it. I’ve been enjoying OpenSUSE’s Tumbleweed distribution. It has all of the benefits of a rolling release like Arch without some of the instability. Unfortunately, my standby for lots of testing, LXC, doesn’t quite work out of the box. You can retrieve images with lxc-create -n name -t download but the images won’t start.

@ [C. R. Oldham]

4 min read
Aug 11, 2016
LXC on OpenSUSE Tumbleweed

Installing macOS X 10.9.2 with Salt

Several weeks ago I installed Salt on all my Macs. I have 7 currently, two of which cannot run Mavericks and are stuck at Lion (10.7). I know you can configure them to install updates automatically, but a couple of these are development machines and one is a server, and I just don’t like the idea of having them install updates and reboot whenever they feel like it. Furthermore, the 10.

@ [C. R. Oldham]

3 min read
Jan 24, 2015
Installing macOS X 10.9.2 with Salt

Removing WireLurker with Salt

Claud Xiao from Palo Alto Networks has been in touch with me and I updated this script with his recommendations. Please note I don’t plan to add Windows support, the anti-malware vendors do a great job maintaining signatures and removing stuff like this. The news hit the fan early yesterday morning—lots of Apple haters were giddy with excitement at the revelation of the WireLurker trojan that infects iOS devices via their host Macintosh when the devices are plugged in via USB.

@ [C. R. Oldham]

2 min read
Jan 24, 2015
Removing WireLurker with Salt

About

C. R. Oldham

I am an experienced technologist currently working for SaltStack as Principal Engineer of the backend team for SaltStack Enterprise. While I have spent the bulk of my career in software architecture and engineering, team management, and DevOps, I did take a 6-year hiatus to start and run the Utah chapter of HopeKids.

I enjoy hiking, books, small-scale computing (microcontrollers like Arduino and ESP8266/ESP32, Raspberry Pi, Nerves), distributed and event-driven computing, as well as video games.

I work a lot in Python, run macOS and Linux, have been experimenting with Elixir, Erlang, and Go.

See the page headers on this site for various ways to communicate with me.

This site’s mascot is the “Nickelbot”, an extension of the domain name (ncbt -> Nickelbot), and warped to be the name of this blog (Nickelblog). The domain name stands for a paraphrase (“Not conformed but transformed”) from a quote from the book of Romans: “And do not be conformed to this world, but be transformed by the renewing of your mind…”

Nickel the element is a transition metal. It is hard, but malleable and ductile when sufficient force is applied. It is resistant to corrosion, conducts electricity, and is not very reactive.

Favorite elements of the software stack