Saturday, November 7, 2015

Off the Graph -- Prepaid Cards

An obvious source of vertices for The Graph is card transactions.  The obvious alternative is to pay cash.  But sometimes you actually end up in situations where you can't pay cash.  I'm trying out using pre-paid Visa/Mastercard gift cards in those situations.

They act like a real card.  You can load them up to $500 before they become a "financial instrument" and suddenly everyone wants to know who you are and where you live.  Malls like to sell these as "universal gift cards" and you can also pick them up at just about any large-ish drug/convenience/grocery store.  There's even a machine in the San Diego airport that will issue you one for a flat $5 transaction fee.

Fun fact -- the sketchier hotels I've stayed in seem to be switching over to vending machines that only take cards.  Who wants cash sitting around waiting for someone to try to break in?  The idea of using a card for a buck twenty-five purchase is a little odd to me though, considering the cut the processor takes.

And I've been on gigs where the company break-room has an "open canteen" that's a bunch of stuff on shelves and a machine to handle the payment part.  You scan your things, then swipe your card, and it charges you for the stuff.  They do not take cash.

So far, it's been hit-or-miss with these things.  Merchants (or machines) can actually just refuse to take them -- I assume they can tell from the issuer id.  And if you don't want to register your card on the issuer's web site, you're going to have trouble providing the billing zip code when a site or gas pump asks for it.

But they do seem to work in the necessity situations like vending machines and buying drinks on an airplane.  It's fun seeing where they work and where they don't.

Wednesday, August 5, 2015

Terminal Terminals

I'm always fascinated when everyday computer interfaces go sideways.  It's a little peek into the innards of the things.  For instance, I was at the Chicago airport when a storm knocked the power out.  They switched to backup power, but not quickly enough ... all the boarding pass terminals rebooted.  So I took a picture.


Then, there are otherwise sensible Point of Sale terminals that run Windows.  Honestly, you're trying to keep your money, not lose it.  Why would you trust it to a system with such lousy security?  Pictured below is a Canteen "Open Vending" POS.


Speaking of money, one of my favorite finds was a crashed NCR ATM in the Netherlands.  I like that the designers at least put a desktop wallpaper on the system that instructs the user not to enter their PIN.  (Though, in English.)


Finally, I shot a picture of an advertising display that lost its mind.  I'm curious about this one, because it's offering to send crash feedback to Logitech.  Either Logitech's getting into a new market, or this thing is a kludge using some sort of Logitech slideshow app.  Or maybe it's just that a mouse driver blew up and took the rest of the system with it.


Tuesday, August 4, 2015

Crib Notes for Cocktail Hour

Got a lull in the conversation?  Try these:

Wednesday, July 22, 2015

Guerrilla Fix-It: Hotel Lamp Edition

This brand of lamp normally has both plugs facing "forward" like the one on the left.  Most power adapters can't fit, because of the black square piece right there.  Now, if it's loose -- and they frequently are -- you can twist it about 30° to one side and wedge your power adapter in there.  But there's no way to twist it to face a full 90° like the one on the right.

Someone "fixed" it.  I've been to this hotel dozens of times, and none of the other rooms have it like this.  I guess it's just a matter of having a screwdriver with you ... but who took the time?  Some sort of Robin Hood electrician is on the loose.

Wednesday, July 15, 2015

Going "Off the Graph"

That's not a typo, I'm curious about getting off the graph, not off the grid.  I love the grid.  It streams movies at me, and lets me get cash from a machine, and lets me send text messages, and lets me look up words I read in my digital book right there on the same tablet.

(Image: Königsberg's Troublesome Bridges)

It's the graph that spooks me.  It's the connection of every digital transaction (money, tweet, border crossing, phone call) you ever make into one big fat map that suggests ("profiles?") who you are.

You don't have to be paranoid about the NSA watching every single thing you do.  (Ding! Just added a node to their graph.)  You could be paranoid about stores watching your buying habits to target you with marketing.  For instance, as my brother explains, when you purchase felt pads to keep your furniture from scratching the floor, you get added to a marketing list of new homeowners.  It's presumed that your sudden care for floors stems from presently owning them, instead of renting them.

Is it possible to reduce the number of nodes you're adding to your graph, in this day and age?  I'm curious.  Drug dealers have been doing it for ages with "burner phones."  Executives count on the fact that their hotel pay-per-view purchases will be "discreetly charged."  You can't surprise your partner on Valentine's Day if they saw the hotel room deposit on your joint credit card statement.

So.  How far off the graph can a fully functional, modern-day, employed, human get?

Wednesday, July 8, 2015

Changing VMware Fusion DHCP Lease Times

At any one time, I've got a dozen or so virtual machines that I might want to boot a subset of.  Monday and Tuesday I might need one bunch, but Wednesday through Friday another.  VMware Fusion's default lease time is a day, which means frequently those early-week machines are assigned IPs that the later-in-the-week machines were previously using.  Flip-flop batches and they collide.

Well, you can change the default and maximum lease times that Fusion gives out to guests by using the `vmnet-cfgcli` command.  It's pretty easy, and you do it on a per-vmnet basis.  Querying the current values, for example on the NAT vmnet8 device, goes like this:


  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli getdhcpparam vmnet8 defleasetime
  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli getdhcpparam vmnet8 maxleasetime

And you set the values, again with an example on the NAT network, like this:

  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli setdhcpparam vmnet8 defleasetime <seconds>
  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli setdhcpparam vmnet8 maxleasetime <seconds>

Restart VMware Fusion and you're all set.  Machines requesting a new lease will now receive one with the updated settings.  By the way, a week is 604800 seconds.

Thursday, April 9, 2015

Build a Puppet Master on CentOS 7 -- Hella Quick-Style

I build Puppet environments all the time, which means I need to set up Puppet Masters all the time.  Here's what I do to get a Master running on CentOS 7 "hella quick-style."

Build a CentOS 7 machine and set its hostname. I'm going to call mine "kermit.localdomain."

hostnamectl set-hostname kermit.localdomain

Then add the official PuppetLabs yum repo to the system's sources.

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

Now yum can install the Puppet Master for you.

yum -y install puppet-server

The easiest way to generate the Master's SSL keypair and self-sign its certificate is to just start up the Master in the foreground and then control-C out of it once it's done the SSL bits. (There must be a more elegant way to do this.)

puppet master --verbose --no-daemonize
[Ctrl-C]

Aim the Master's own Agent at itself. The last stanza in a stock Puppet install's puppet.conf is the [agent] section, so we can get away with just appending to it. (Again, using "kermit" in this example.)

echo 'server = kermit.localdomain' >> /etc/puppet/puppet.conf

Add a [master] stanza to the puppet.conf file. On a stock install, it's safe to just append to the file.

cat >> /etc/puppet/puppet.conf <<EOF
[master]
    environmentpath = \$confdir/environments
    basemodulepath = /etc/puppet/modules
    reports = store,log
EOF


The Master won't start without a production environment, so make an empty one.

mkdir -p /etc/puppet/environments/production/{modules,manifests}
echo 'node default {}' > /etc/puppet/environments/production/manifests/site.pp

Copy the package-supplied Hiera configuration file to a place where the Master can find it. Later, you'll likely need to update the 'datadir' and your hierarchy, but for now the stock one is fine.

cp /etc/hiera.yaml /etc/puppet/hiera.yaml

Set up firewalld with a rule for Puppet traffic on port 8140.

cat > /etc/firewalld/services/puppetmaster.xml <<EOF
<?xml version="1.0" encoding="utf-8"?>
  <service>
    <short>puppetmaster</short>
    <description>Puppet Master</description>
    <port protocol="tcp" port="8140"/>
  </service>
EOF

Tell firewalld to use the rule.

firewall-cmd --permanent --add-service=puppetmaster   # may take two tries
firewall-cmd --reload

And finally, start up the pieces.

puppet resource service puppetmaster ensure=running enable=true
puppet resource service puppet ensure=running enable=true

That's it! If you have to troubleshoot, tail /var/log/messages for clues. Remember, you can kick off Puppet runs manually with `puppet agent -t` to see what's going on during a run.
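
The two appends to puppet.conf above only land in the right place while [agent] is the last stanza in the file. As an added example, not part of the original post, this shell helper reports which stanza a setting actually ended up in; the function names and the sample file contents are constructed for illustration.

```shell
# Added example (not from the original post): check which stanza a puppet.conf
# setting landed in after a blind append.

# Print "section<TAB>key<TAB>value" for every setting in an INI-style file.
conf_settings() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /^[ \t]*\[[^]]+\]/ {                     # stanza header such as [agent]
      gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      printf "%s\t%s\t%s\n", section, key, val
    }
  ' "$1"
}

# Succeed only if KEY=VALUE is set in SECTION and KEY appears nowhere else.
# usage: conf_expect FILE SECTION KEY VALUE
conf_expect() {
  _found=$(conf_settings "$1" | awk -F'\t' -v k="$3" '$2 == k { print $1 "\t" $3 }')
  [ "$_found" = "$(printf '%s\t%s' "$2" "$4")" ]
}

# Constructed sample: a stock-style file where [agent] is the last stanza,
# followed by the two appends from the steps above.
make_sample() {
  cat > "$1" <<'EOF'
[main]
    logdir = /var/log/puppet
[agent]
    classfile = $vardir/classes.txt
EOF
  echo 'server = kermit.localdomain' >> "$1"
  printf '[master]\n    reports = store,log\n' >> "$1"
}

demo() {
  f=$(mktemp) && make_sample "$f" || return 1
  conf_expect "$f" agent server kermit.localdomain && echo "server is in [agent]"
  # Appending the same line again now lands it under [master]; the check fails.
  echo 'server = kermit.localdomain' >> "$f"
  conf_expect "$f" agent server kermit.localdomain || echo "server is misplaced"
  rm -f "$f"
}
demo
```

On a real Master, point `conf_expect` at /etc/puppet/puppet.conf after the append steps; a failure means the file was not in its stock layout when you appended to it.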