|
How come # is used to comment code yet #! is used to tell the shell which interpreter to use?
|
#
?
Jan 26, 2015 21:23
|
|
|
|
| # ? May 24, 2024 07:32 |
|
|
It's meta, or something.  It's a comment, not code, but it's a meaningful comment that something (the shell) interprets and does what you'd expect. I think.
|
|
#
?
Jan 26, 2015 21:25
|
|
|
Yeah, that's fair that there are always outliers. I was just kinda surprised I found one with not particularly uncommon hardware.
|
|
#
?
Jan 26, 2015 21:26
|
|
|
Tab8715 posted:How come # is used to comment code yet #! is used to tell the shell which interpreter to use? The shebang is actually a magic number. But given that // and /* */ were used to comment the code UNIX was written in anyway, with ! and ; as other comment delimiters, #! isn't super weird. hooah posted:Yeah, that's fair that there are always outliers. I was just kinda surprised I found one with not particularly uncommon hardware. You found one with recent hardware and an optional kernel module. iwlwifi (or whatever wireless driver is actually used) is fine. It's just that the rfkill from ideapad_laptop is bad.
|
|
#
?
Jan 26, 2015 21:26
|
|
|
Tab8715 posted:How come # is used to comment code yet #! is used to tell the shell which interpreter to use? #! is hardcoded in the Linux kernel. That's a choice that was made a long time ago by some UNIX hackers. They probably chose it so that it would look like a comment to older versions of UNIX which didn't have the magical "#!" behavior, but on newer systems, it would be identified properly. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/fs/binfmt_script.c#n17
|
|
#
?
Jan 26, 2015 22:08
|
|
|
Hopefully this is the right thread for this kind of thing -- I imagine it's possible. Basically, using a series of piped greps on a set of logs I'm working with, I'm down to a flat text file with a very consistent format. Each line consists of items like:code:code:Basically I'm trying to figure out if it is saner to try to process my data into some sort of a batch file that looks like the grep commands above and then execute that, or if I can do this 'on the fly' since my data is so predictable (i.e. the filename to grep is always the characters before "-ID: ", and the data to grep is always the string of numbers after it.)
|
|
#
?
Jan 26, 2015 23:08
|
|
|
MrChupon posted:Hopefully this is the right thread for this kind of thing -- I imagine it's possible. Basically, using a series of piped greps on a set of logs I'm working with, I'm down to a flat text file with a very consistent format. Each line consists of items like: Do you want an answer fed to you, or do you want to learn a bit? You can do this pretty trivially as a oneliner with ruby, python, perl, or awk. You can do it in a bash oneliner with a little more work, or a shell script in general. If you want to learn a bit, which one of these are you curious about?
|
|
#
?
Jan 26, 2015 23:13
|
|
|
evol262 posted:Do you want an answer fed to you, or do you want to learn a bit? You can do this pretty trivially as a oneliner with ruby, python, perl, or awk. You can do it in a bash oneliner with a little more work, or a shell script in general. If you want to learn a bit, which one of these are you curious about? I don't mind learning a bit, in fact, I would prefer it. I don't have a major preference in technology, I'm not really familiar with any of those. I suppose my requirement would be whichever of them runs on a Mac terminal without installing additional packages, since I'm actually there and not Linux. Ideally if I could get an example of how to extract some arbitrary string from the examples above and pass it to the command line, that would probably get me rolling. But I'm grateful for any help, even if just some links a bit more directed than googling 'bash scripting'. I think where I'm stuck is on how to say "everything before/after these characters is the string I want to extract" as opposed to "extract this string:". Pakistani Brad Pitt fucked around with this message at 23:30 on Jan 26, 2015 |
|
#
?
Jan 26, 2015 23:26
|
|
|
MrChupon posted:I think where I'm stuck is on how to say "everything before/after these characters is the string I want to extract" as opposed to "extract this string:". What you're looking for is "regular expressions" In a more general sense: code:You don't technically need the "while read -r" because "grep 4043612 log.txt-2015012" just from swapping them actually works. It could be a plain "while read" or pipe it into xargs or whatever, but giving them reasonable names lets you play around with, and gives you the flexibility to add additional grep arguments or whatever
|
|
#
?
Jan 26, 2015 23:52
|
|
|
output='cat <filename.txt>' grep $output <filename.txt> Though, I'd imagine you might have to do a cut if there's a space in front of the number. I'm pretty confident you could get this all on one line with some creative pipes.
|
|
#
?
Jan 26, 2015 23:56
|
|
|
I appreciate the responses guys, this is a great place for me to start. I'll post back with my solution later so you can laugh at it.
|
|
#
?
Jan 27, 2015 00:07
|
|
|
MrChupon posted:I appreciate the responses guys, this is a great place for me to start. I'll post back with my solution later so you can laugh at it. The bit of code my in quote will work verbatim. Just replace "somefile.txt" with whatever the actual log is
|
|
#
?
Jan 27, 2015 00:12
|
|
|
evol262 posted:The bit of code my in quote will work verbatim. Just replace "somefile.txt" with whatever the actual log is Ah, indeed it does! (after tweaking the sed command because the text that needed to be replaced with 'nothing' was actually a bit different in real life than in my example post, but obviously you wrote to the given specification). Well, my employer appreciates you doing the homework for me but I'm going to take some time later to break down what you've written here so I can try do it with arbitrary data/commands in the future. Again, thanks very much.
|
|
#
?
Jan 27, 2015 00:25
|
|
|
Tab8715 posted:How come # is used to comment code yet #! is used to tell the shell which interpreter to use? Languages which don't natively use # to denote comments have to specifically ignore #! or otherwise require explicit invocation of its interpreter.
|
|
#
?
Jan 27, 2015 04:45
|
|
|
ExcessBLarg! posted:In part because, while the #! is a useful directive to the kernel, you actually don't want it to be interpreted by an interpreter since it would be a syntax error in most, possibly all languages. Fortunately, with the exception of lisp (which can be compiled anyway), javascript is the only "big" language which would need to ignore it. Everything is compiled and doesn't encounter the shebang. Python, ruby, perl, shell, and even PHP use or can use #
|
|
#
?
Jan 27, 2015 05:33
|
|
|
Okay, you guys have convinced me to set up a VM to deal with my root issues on our server. It's a Debian server, and I want to run scientific computations, so performance is essential. On the other hand, I'm terrible with computers. I assume a simple Ubuntu Desktop installation should be enough - I want some X forwarding and a lot of Python on all of our 1000000000 Xeon cores and that's basically it. What VM software should I use, and is there a recommended guide for this?
|
|
#
?
Jan 27, 2015 11:32
|
|
|
Cingulate posted:Okay, you guys have convinced me to set up a VM to deal with my root issues on our server. If you're serious, a VM may be utterly inappropriate. Is your environment actually a cluster, single system image or otherwise? A VM won't scale that way (or above one machine). What's the job scheduler?
|
|
#
?
Jan 27, 2015 14:39
|
|
|
evol262 posted:If you're serious, a VM may be utterly inappropriate.
|
|
#
?
Jan 27, 2015 15:05
|
|
|
For anyone out there (basically), my "pulseaudio doesn't know how to do balance" problem is going strong. I swear it just broke when I opened Chrome.  Also, the "rampant screen blanking" issue is still open, but I'm sort of beginning to appreciate it in a "Stockholm syndrome" kind of way. I only watch Youtube before going to bed usually, and I can turn off blanking with a couple clicks using a script when I need to, whereas the rest of time this thing that I barely have any control over takes care of the monitor in case I forget to turn it off when I go away.
|
|
#
?
Jan 27, 2015 15:19
|
|
|
Is this just how things are formatted or what does this indicate?code:
|
|
#
?
Jan 27, 2015 16:08
|
|
|
-a is the short form and --all is the long form of the same option. Often with command line options there will be a short, single letter option with one dash, and another that does the exact same thing but is a longer form with two dashes
|
|
#
?
Jan 27, 2015 16:20
|
|
|
Tab8715 posted:Is this just how things are formatted or what does this indicate? You can use either '-a' (as in 'ls -a') or '--all' (as in 'ls --all'). The latter is more readable, the former is faster to type. It's quite common for command line flags to have both "long" and "short" versions; by convention, the short versions start with "-" and can be smashed together (-abc and -a -b -c are equivalent) and the long versions start with "--" and must be separate. The two forms are equivalent. In other words, these three commands all do the same thing: code:In most tools, you can also use "--" to explicitly separate flags and arguments: code:ToxicFrog fucked around with this message at 16:26 on Jan 27, 2015 |
|
#
?
Jan 27, 2015 16:23
|
|
|
Cingulate posted:I actually don't know for sure. I think it's a single physical system, with 24 6-core processors. We don't run a job scheduler on there, I treat it as a simple system. A single system image cluster can also be treated as a single physical system. There are not a lot of 24 socket systems in the world. Try "cat /proc/cpuinfo" to see the actual CPU information. You won't get the topology out of it, but you can learn a lot even without that. You can pull what it actually is with "dmesg | |grep "DMI:''" (you may have to grep DMI: out of /var/log/messages or journalctl, depending on uptime and how many messages you get) If it is multiple systems or chassis (SGI still makes a few systems like this, among others, mostly in the supercomputing space), you'll want to try to find out what the interconnect is. If it's something that doesn't do remote DMA, following the topology is going to be very important for virt. And running a VM will take root privileges or some configuration by your admins anyway... So you may be down to running debian in a chroot, though I have to say that I've never actually tried this. And you probably won't get your admins to change fstab on the host or give you permission to mount psuedofilesystems, so /proc and things may be weird. Plus uid0 is actually treated specially and you wouldn't be able to su to users yo don't have permissions for anyway and... If the system recent enough to have unprivileged container support? You may just have to talk to your admins supermikhail posted:For anyone out there (basically), my "pulseaudio doesn't know how to do balance" problem is going strong. I swear it just broke when I opened Chrome. Stop using XFCE. Or stop using Ubuntu. Or see if someone's filed a bug against XFCE's power manager in Ubuntu. Tab8715 posted:Is this just how things are formatted or what does this indicate? It's just formatting. Some utilities (like tar, cpio, and other oldies) sometimes have more options than it's possible to use even with every character in uppercase and lowercase. Yes, it's stupid. But both work. Take a look at getopt (and getopt_long) for a canonical implementation that's widely used.
|
|
#
?
Jan 27, 2015 16:32
|
|
|
evol262 posted:A single system image cluster can also be treated as a single physical system. There are not a lot of 24 socket systems in the world. Try "cat /proc/cpuinfo" to see the actual CPU information. You won't get the topology out of it, but you can learn a lot even without that. evol262 posted:You can pull what it actually is with "dmesg | |grep "DMI:''" (you may have to grep DMI: out of /var/log/messages or journalctl, depending on uptime and how many messages you get) evol262 posted:If it is multiple systems or chassis (SGI still makes a few systems like this, among others, mostly in the supercomputing space), you'll want to try to find out what the interconnect is. If it's something that doesn't do remote DMA, following the topology is going to be very important for virt. And running a VM will take root privileges or some configuration by your admins anyway...  I think it's really just a single physical system, one tower full of Xeons happily humming along. I'm very skeptical about the possibility, or even, on my part, desire to get the admin to give me special permissions or change fstab. I thought I could just install something like VirtualBox and run it like any regular application? Cingulate fucked around with this message at 17:53 on Jan 27, 2015 |
|
#
?
Jan 27, 2015 17:46
|
|
|
Ok, that makes a lot more sense. "24 6-core processors" made me think there were actually 24 processors. This looks like 2, maybe 4, depending on whether or not hyperthreading is enabled (probably 2). Cingulate posted:I thought I could just install something like VirtualBox and run it like any regular application?
|
|
#
?
Jan 27, 2015 18:03
|
|
|
evol262 posted:Stop using XFCE. Or stop using Ubuntu. Or see if someone's filed a bug against XFCE's power manager in Ubuntu. I had Debian a couple years ago, but for some reason went back to Ubuntu, and I wish I had recorded my grievances or reasons, because I still find Debian's release cycle... comforting, if I may. Anyway, the blanking is a minor issue, as I've said. But I've discovered something about the major problem (I think I have, at least). I got the commands for multimedia keys... somewhere, and they were in the following form: code:code:
|
|
#
?
Jan 27, 2015 18:44
|
|
|
evol262 posted:Ok, that makes a lot more sense. "24 6-core processors" made me think there were actually 24 processors. This looks like 2, maybe 4, depending on whether or not hyperthreading is enabled (probably 2). evol262 posted:Virtualbox uses kernel modules. You need root at least to install it. I think it'd greatly simplify things if I had an installation I have complete control over, without running into danger of killing everyone else's stuff. I would have to make some fairly deep intrusions into our current installation to get a few rather essential packages to run - some of the stuff that's set up right now is ancient in the way only a conservative Debian installation could be.
|
|
#
?
Jan 27, 2015 19:50
|
|
|
I need multiple services to have access to the same SSL key, should I create a new group called 'ssl' or something for that and add the service users to it?
|
|
#
?
Jan 27, 2015 19:55
|
|
|
Cingulate posted:So, would it make sense to ask our admin to install Virtualbox? Or any other WM? Ask your admin to set up libvirt for user access (with sasl auth or otherwise)
|
|
#
?
Jan 27, 2015 20:15
|
|
|
Cingulate posted:some of the stuff that's set up right now is ancient in the way only a conservative Debian installation could be. I have some servers under my care that haven't been rebooted in years 5+ years, and no one actually knows when they were last patched. Production servers on a secure network don't tend to get updated unless something is actively not working, since there is no reason to fix something that ain't broke(and the fixes will commonly break other things that were written to depend on older behaviour)
|
|
#
?
Jan 27, 2015 20:27
|
|
|
For those of you who haven't seen it yet, since I haven't seen it mentioned in this thread: http://www.openwall.com/lists/oss-security/2015/01/27/9 RCE vulnerability in glibc's gethostbyname() function. Apparently it was patched in May 2013 but never marked as a security patch, so a lot of distros never shipped an updated version. You'll definitely want to reboot after applying this patch, since it'd be hard to ensure that everything linking the old version of glibc was restarted otherwise.
|
|
#
?
Jan 27, 2015 20:32
|
|
|
It's hard to tell what common, externally-facing services are actually vulnerable. Sounds like Exim with non-standard options is the big one.
|
|
#
?
Jan 27, 2015 21:36
|
|
|
ExcessBLarg! posted:It's hard to tell what common, externally-facing services are actually vulnerable. Sounds like Exim with non-standard options is the big one. An MTA in general seems like a good candidate for potential exploitation simply due to how many DNS queries they make that are a direct result of headers in inbound emails.
|
|
#
?
Jan 27, 2015 21:39
|
|
|
RFC2324 posted:Production servers on a secure network don't tend to get updated unless something is actively not working, since there is no reason to fix something that ain't broke(and the fixes will commonly break other things that were written to depend on older behaviour) No offence but this is a terrible security philosophy. No network is that secure.
|
|
#
?
Jan 27, 2015 22:01
|
|
|
fatherdog posted:No offence but this is a terrible security philosophy. No network is that secure. Agreed 100%. I update all of my internal stuff regularly as well. I don't care that it's not directly accessible from the Internet, it's better not to risk it. What if someone gets a limited shell (say you're being terrible at security and using Wordpress or some equally exploitable garbage) on an Internet facing machine that also has some visibility into your internal network for some weird reason, then they exploit some old bug in a daemon on your internal network that would have been patched if you kept up on updates? There are far too many potential vectors out there to make it worth risking your network's security by not updating.
|
|
#
?
Jan 27, 2015 22:11
|
|
|
fatherdog posted:No offence but this is a terrible security philosophy. No network is that secure. Its not my policy, its the corporation that has already lost more money due to patching breaking their fabs than they have ever lost to security compromises, and has in the past held large government contracts(people I work with talk about having training on what to do in case of a terrorist attack that included having people literally storm the building with unloaded guns) Every last system admin in the place wants to patch these machines, but it has to be justified beyond a vague 'a thing could happen'. We have had 2 compromises in the past year, but the loss didn't compare to the one time a fiber card with firmware newer than what is approved was plugged into a new build server.
|
|
#
?
Jan 27, 2015 22:11
|
|
|
fatherdog posted:No offence but this is a terrible security philosophy. No network is that secure. It is but numerous corporations still continue to do so, I know of a particular one that has production servers running 5-year unsupported unix distributions. Legacy applications are tough to kill. EDIT - When I inquired, I was basically told there's no funding and everything still works.
|
|
#
?
Jan 27, 2015 22:15
|
|
|
RFC2324 posted:Its not my policy, its the corporation that has already lost more money due to patching breaking their fabs than they have ever lost to security compromises, and has in the past held large government contracts(people I work with talk about having training on what to do in case of a terrorist attack that included having people literally storm the building with unloaded guns) A company that holds large government contracts and has had 2 compromises in the past year still refusing to patch their internal servers because completely unrelated poor planning in a hardware spec cost them more money is some impressive levels of head-in-the-sand-ism from your managers. (please understand that as being stated in a tone of sympathy rather than derision)
|
|
#
?
Jan 27, 2015 22:17
|
|
|
Thalagyrt posted:For those of you who haven't seen it yet, since I haven't seen it mentioned in this thread: http://www.openwall.com/lists/oss-security/2015/01/27/9 I am sure there are some usage scenarios where it's best policy to only fix what breaks. But that's not what would work in our case. I'm not asking for a kernel upgrade for our 2-year uptime machine because, you know, 3.16 is clearly better than 3.14 right? It's that there is exactly one package that will do a certain kind of computation, and the people who made it set it up to work with, for whatever reason, reasonably up-to-date software, and I literally cannot do the work without, for example, a libc from this century. Now if everybody involved was competent at computers, the original programmers would be able to make it compatible with older software, and I'd be able to recompile stuff to work in our environment or maybe just reimplement it myself or whatever, instead of asking stupid questions. But, we're not. Generally, if you're a professional IT guy and have had the fortune to never have dealt with scientists: give it a try once. Scientists are very creative at ignoring and stubbornly working against IT best practices. My .bash_history would probably make you cry. evol262 posted:KVM has been mainline for a long time. Even Debian stable should have it in the stock kernel, but I don't know about your environment
|
|
#
?
Jan 27, 2015 22:30
|
|
|
|
| # ? May 24, 2024 07:32 |
|
|
Thalagyrt posted:Agreed 100%. I update all of my internal stuff regularly as well. I don't care that it's not directly accessible from the Internet, it's better not to risk it. What if someone gets a limited shell (say you're being terrible at security and using Wordpress or some equally exploitable garbage) on an Internet facing machine that also has some visibility into your internal network for some weird reason, then they exploit some old bug in a daemon on your internal network that would have been patched if you kept up on updates? There are far too many potential vectors out there to make it worth risking your network's security by not updating. Not that I'm defending the practice, but proper DMZs and active security scanning go a long way. Even you can't patch the box for whatever reason (breaks CNC or fabs or scada), you can still put it in its own retard vlan which adds another layer. Even a fully patched system can still be subject to problems from 2000 because nobody bothered to label it as security. As usual, defense in depth wins
|
|
#
?
Jan 27, 2015 22:39
|
|