zsh – A better shell for DevOps

I recently moved from bash running in the default terminal to zsh powered by oh-my-zsh running in iTerm2 on my OS X development machine, and I won’t go back soon. Beautiful colors, wonderful custom prompts for the left and the right side of the screen as well as an awesome tab completion for nearly all the tools you need (git, rvm, git-flow, brew, bundler, rails, …). Have a look at the screen shot and in case you like it:



Remove big or confidential files from a git repository

It might happen that one checked in a bunch of big files to a git repository (use “du -sh .git” to determine the current git repository size). In order to speed up the clone process and reduce the disk usage, those files need to be removed completely.

Note: It might be that the big files have been deleted already and one doesn’t know their names. I found a script doing this job in a post on stackoverflow.com. Make sure to search through all your branches.

Of course a simple “git rm” won’t do the job. The tool of choice for this case is “git filter-branch”. The following command will delete the file “./directory/subdirectory/bigfile.tar.gz” from the commit history of all branches and tags:

git filter-branch --index-filter 'git rm --cached --ignore-unmatch ./directory/subdirectory/bigfile.tar.gz' --prune-empty -- --all

There are still references to the files in the git reflog. The following command deletes the whole reflog and thereby the remaining references to the files:

git reflog expire --expire=now --all

Now that all references have been deleted, git can garbage collect the files. The following command will trigger git garbage collection instantly:

git gc --prune=now

Now the files deleted using git filter-branch should be removed (use “du -sh .git” to determine the current git repository size). If that is not the case, git needs to do an aggressive garbage collection run. The following command will trigger this:

git gc --aggressive --prune=now
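
The sequence above run end to end on a throwaway repository, as an added example that is not part of the original post. It also checks something the text does not mention: git filter-branch keeps the pre-rewrite commits under refs/original/, so the blob stays in the object store until those refs are deleted. The repository contents and the function name purge_demo are constructed for the illustration.

```sh
#!/bin/sh
# Added example: run the purge on a throwaway repository (constructed data)
# and report whether the file's blob is still stored before and after the
# refs/original/ backups written by git filter-branch are deleted.
purge_demo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q . 2>/dev/null
        git config user.name demo
        git config user.email demo@example.invalid
        mkdir -p directory/subdirectory
        echo "constructed secret" > directory/subdirectory/bigfile.tar.gz
        echo "readme" > README
        git add . && git commit -q -m "add files"
        blob=$(git rev-parse HEAD:directory/subdirectory/bigfile.tar.gz)
        git rm -q directory/subdirectory/bigfile.tar.gz
        git commit -q -m "delete the file the usual way"

        # The three steps from the text.
        FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch --index-filter \
            'git rm --cached --ignore-unmatch ./directory/subdirectory/bigfile.tar.gz' \
            --prune-empty -- --all >/dev/null 2>&1 || exit 1
        git reflog expire --expire=now --all
        git gc -q --prune=now
        if git cat-file -e "$blob" 2>/dev/null; then before=present; else before=gone; fi

        # Drop the backup refs, then expire and collect again.
        git for-each-ref --format='%(refname)' refs/original/ |
            while read -r ref; do git update-ref -d "$ref"; done
        git reflog expire --expire=now --all
        git gc -q --prune=now
        if git cat-file -e "$blob" 2>/dev/null; then after=present; else after=gone; fi
        echo "before=$before after=$after"
    )
    rc=$?
    rm -rf "$repo"
    return "$rc"
}

purge_demo
```

Clones and forks made before the rewrite still contain the file, so a credential that was committed has to be rotated regardless of the cleanup.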

deny http directory access in apache2 using htaccess

if you own a web hosting package it might contain some directories or files which you want to access only using ftp or ssh. maybe some backup directories of your favorite cms, custom backup scripts or a git repository.

for the fast guys: This is possible using the FilesMatch directive containing a deny from all inside a .htaccess file inside the directory to protect.

For all the others:

  1. create the new directory
  2. add a new file named “.htaccess” to the directory you just created
  3. insert the following lines into the “.htaccess” file you’ve just created:
    <FilesMatch ".*">
     Order allow,deny
     Deny from all
    </FilesMatch>
  4. the directory is now protected. put some files into it and test the protection!

Since deny creates a wonderful 403 error message everyone will know that there is something interesting inside this directory. This might also be considered as information disclosure. To close this disclosure one might also replace the 4 lines in the .htaccess file with the following rewrite statements:

RewriteEngine on
RewriteRule ^.*$ /some_non_existing_file_which_will_create_a_404

modding “das keyboard” #2

Here is a status update of my previous post modding “das keyboard”: After my order of the soft landing pads got lost on its way from America to Munich I gave the o-ring mod a try. It works like a charm and o-rings are available in Germany so shipping was not a problem this time.

In case someone is interested in the details: I used the default rubber o-rings sized 4.76 x 1.78 mm. I ordered them in a German web shop which sells them under the following title: “Präzisions-O-Ring 4.76 x 1.78 mm NBR70″.

new design for justinbieberweb.com

Yesterday someone told me about the new design of justinbieberweb.com. So here is the old design:

[Image: Google website preview]

And here comes the new one:

[Image: website screenshot]

Google has already updated some of its indexes…

[Images: updated Google website previews]

How to prevent this in the future: OWASP Top 10.

disable ipv6 on debian squeeze

There should be 3 different ways to disable IPv6 but unfortunately only one of them works: the boot command line one. It works by adding a simple ipv6.disable=1 to the Linux boot parameters. Here is how to do it using grub 2:

  • edit the file
  • find the line starting with
  • if you never changed anything it will look like this:
  • change this line to contain the


  • if you never changed anything it should look like this:
  • type the following into the command line as root :
  • Reboot your machine

yaf iptables reset script

Even after 3 minutes googling I was not able to find a complete iptables reset script. This post tries to change this situation:

echo "Disabling IPv4 packet forwarding..."
echo 0 > /proc/sys/net/ipv4/ip_forward

echo "Flushing chains..."
iptables -F
iptables -t nat -F
iptables -t mangle -F

echo "Deleting user defined chains..."
iptables -X
iptables -t nat -X
iptables -t mangle -X

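echo "Setting default chain policies..."
# filter table: all three built-in chains, otherwise an earlier DROP policy survives
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P OUTPUT ACCEPT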
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
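
A way to confirm that a reset really left nothing behind, as an added example that is not part of the original post: it audits iptables-save output for non-ACCEPT policies, leftover rules and user-defined chains. The function names and the sample dump are constructed for the illustration.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump for anything a full reset
# should have removed. Reads the dump on stdin, prints one finding per line.
reset_findings() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        /^:/  {                                    # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-")            print table ": user-defined chain " chain
            else if ($2 != "ACCEPT")  print table ": policy of " chain " is " $2
            next
        }
        /^-A / { print table ": rule left in " $2 }
    '
}

# Constructed sample: a dump in which the filter FORWARD policy is still
# DROP and the mangle table still holds a user-defined chain with a rule.
sample_dump() {
    cat <<'EOF'
# constructed iptables-save output
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:MARKER - [0:0]
-A MARKER -j RETURN
COMMIT
EOF
}

sample_dump | reset_findings
# On a live host (as root): iptables-save | reset_findings
```

iptables-save lists every loaded table, so findings in tables the reset script does not touch (raw, for instance) show up here as well.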

Anybody interested in building a simple NAT gateway will find the following lines quite helpful:

echo "Enabling IPv4 packet forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "Enabling SNAT of outgoing packets..."
iptables -t nat -A POSTROUTING -o XXX -j MASQUERADE

Don’t forget to replace XXX with your outgoing interface name, e.g. ppp0.

html5 ftw

I recently read a nice article about HTML5 bot nets. I do really like the approach since it introduces platform independence to bot nets and the relationship between the attacker and its victim could be defined in an ASP contract :-)

pretty old presentation at the defcon: My Life as a Spyware Developer

During my research for a security presentation I found this nice speech about the life of a spyware developer. Have phun watching it :-)

modding “das keyboard”

Last week I bought a new keyboard called “das keyboard”. It is available in 2 different versions. The default one built with cherry mx blue switches and a silent version built with cherry mx browns. The browns are not as loud as the blue ones since they don’t click and the frequency of the noise is lower. People tend to be more disturbed by higher frequencies than lower ones. But if it comes to the noise level of the whole keyboard the silent version is not as silent as its name states. Since the mx blue switches have a better tactile feedback, it is easy to not “bottom out” the keys. This is not the case using the mx brown switches. So some of the noise of a “das keyboard” in the silent version is produced when you bottom out the keys. This is a known issue with a known solution. It is called “o-ring mod” or “soft landing pad mod”. The basic idea is to reduce the bottom out sound by damping the landing of the key cap using an o-ring or a thin rubber pad. I ordered the landing pads in a shop called elitekeyboards. Since the stuff needs to be shipped from the US it may take a while until I’ll blog about doing the actual mod.

As stated earlier, this only eliminates the source of “some of the noise”. There is another source of noise created by the key switch returning to its original position. I didn’t find a solution for this problem but I’ll keep searching :-)
