One-liner: get all service names and associated protocol numbers on Fortigate

Run in a VDOM:

sh firewall service custom | grep 'edit\|port\|type\|proto'

    edit "ALL"
        set protocol IP
    edit "ALL_TCP"
        set tcp-portrange 1-65535
    edit "ALL_UDP"
        set udp-portrange 1-65535
    edit "ALL_ICMP"
        set protocol ICMP
        unset icmptype
    edit "GRE"
        set protocol IP
        set protocol-number 47
    edit "DHCP"
        set udp-portrange 67-68
    edit "DNS"
        set tcp-portrange 53
        set udp-portrange 53
    edit "FTP"
        set tcp-portrange 21
    edit "FTP_GET"
        set tcp-portrange 21
    edit "FTP_PUT"
        set tcp-portrange 21
    edit "H323"
        set tcp-portrange 1720 1503
        set udp-portrange 1719
    edit "HTTP"
        set tcp-portrange 80
    edit "HTTPS"
        set tcp-portrange 443
. . .

О неприятии типологий

https://snob.ru/selected/entry/120728

Козинский определяет нас лишь по пяти показателям: открытость новому, интроверсия и экстраверсия, ответственность, доброжелательность, нейротизм. У Никса и Cambridge Analytica всего пять базовых профилей личности.

Собственно, такой нехитрой математики, как выясняется, вполне достаточно, чтобы каждого из нас «посчитать». И мы можем сколько угодно рассуждать о собственной индивидуальности, исключительности, невообразимости и т. д. Но это бред сумасшедшего, страдающего манией личностного величия.

Желающие могут обманываться и дальше. Но их тоже посчитают: на непереводимом языке искусственного интеллекта будет сделана соответствующая пометка — «наивен, недальновиден, без ума от себя».

:D

How to install and keep an obsolete Solaris package

If you (like me) are still using Solaris (why BTW, if I may ask?), then you might stumble upon the problem of disappearing packages. Let’s take, for example, gimp:

# pkg list -af gimp
NAME (PUBLISHER)          VERSION                    IFO
image/editor/gimp         2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp         2.6.10-0.175.3.0.0.26.0    ---
image/editor/gimp         2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp         2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp         2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp         0.5.11-0.151.0.1           ---

Flag “o” means “obsolete”. If you have version “2.6.10-0.175.3.0.0.26.0” installed, and it gets updated to “2.6.10-5.12.0.0.0.97.0” (which is obsolete), your package will get removed. If this what happened, here’s the path to restore it.

First, install the latest version before “o”:

pkg install -v image/editor/gimp@2.6.10-0.175.3.0.0.26.0

Then “freeze” it:

# pkg freeze image/editor/gimp

Now if you run pkg list again, you will see two new flags:
“i” – installed
“f” – frozen

# pkg list -af gimp
NAME (PUBLISHER)            VERSION                    IFO
image/editor/gimp           2.6.10-5.12.0.0.0.97.0     --o
image/editor/gimp           2.6.10-0.175.3.0.0.26.0    if-
image/editor/gimp           2.6.10-0.175.2.0.0.27.0    ---
image/editor/gimp           2.6.10-0.175.1.0.0.24.0    ---
image/editor/gimp           2.6.10-0.175.0.0.0.2.0     ---
image/editor/gimp           0.5.11-0.151.0.1           ---

# pkg freeze
NAME               VERSION            DATE            COMMENT
image/editor/gimp  2.6.10-0.175.3.0.0.26.0:20150705T202845Z 15 Feb 2017 23:01:02 CET None

Empty set vs empty string vs nothing and Zen

From my explanations of the set theory to my daughter yesterday.

A set is a container, an empty string (ε or nothing) is an element. A set with nothing inside is not empty, because there is nothing inside. A set is empty (∅) if it does not have anything inside.

In python:

$ python
>>> nothing=''
>>> set=[nothing]
>>> set
['']
>>> set.append('')
>>> set
['', '']
>>> set.remove('')
>>> set
['']
>>> set.remove(nothing)
>>> set
[]
>>> emptyset=[]
>>> emptyset
[]

Doing nothing or not doing anything are two different things.

One-liner: how to check the SSL certificate expiration of several servers

for i in cnn.com bbc.co.uk
do
  exp=`echo | openssl s_client -connect $i:443  2>/dev/null | 
  openssl x509 -noout -dates | fgrep notAfter | sed -e 's/^.*=//'`
  echo "$i        $exp"
done

cnn.com	    Feb  6 12:00:00 2018 GMT
bbc.co.uk   Apr 20 10:01:10 2017 GMT

One-liner: how to count the total amount of specific lines in several files

egrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'  

BTW, using awk alone is slower:

time awk 'BEGIN {sum=0;}/extended/{sum++} END {print sum}' */*.conf
110653

real	0m0.94s
user	0m0.91s
sys	0m0.01s

time egrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'
110653

real	0m0.13s
user	0m0.10s
sys	0m0.02s

fgrep is slower than egrep:

time fgrep -c extended */*.conf | 
awk 'BEGIN {FS=":"; sum=0;}{sum +=$2} END {print sum}'
110653

real	0m0.21s
user	0m0.17s
sys	0m0.03s